Debian Security Advisory
DLA-1478-1 libextractor -- LTS security update
- Date Reported:
- 26 Aug 2018
- Affected Packages:
- libextractor
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-14346, CVE-2018-14347.
- More information:
-
It was discovered that there were two vulnerabilities in libextractor, a library to obtain metadata from files of arbitrary type.
- A stack-based buffer overflow in unzip.c. (CVE-2018-14346)
- An infinite loop vulnerability in mpeg_extractor.c. (CVE-2018-14347)
For Debian 8
Jessie
, these issues have been fixed in libextractor version 1:1.3-2+deb8u2.We recommend that you upgrade your libextractor packages.