Candidate: CVE-2019-15531
PublicDate: 2019-08-23 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15531
 https://bugs.gnunet.org/view.php?id=5846
 https://git.gnunet.org/libextractor.git/commit/?id=d2b032452241708bee68d02aa02092cfbfba951a
 https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html
Description:
 GNU Libextractor through 1.9 has a heap-based buffer over-read in the
 function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
Ubuntu-Description:
 It was discovered that Libextractor incorrectly handled certain files. An
 attacker could possibly use this issue to cause a denial of service.
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935553
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_libextractor:
upstream_libextractor: released (1:1.9-2)
precise/esm_libextractor: DNE
trusty_libextractor: ignored (out of standard support)
trusty/esm_libextractor: DNE
xenial_libextractor: ignored (end of standard support, was needed)
bionic_libextractor: needed
disco_libextractor: ignored (reached end-of-life)
eoan_libextractor: not-affected (1:1.9-2)
focal_libextractor: not-affected (1:1.9-2)
groovy_libextractor: not-affected (1:1.9-2)
hirsute_libextractor: not-affected (1:1.9-2)
impish_libextractor: not-affected (1:1.9-2)
jammy_libextractor: not-affected (1:1.9-2)
devel_libextractor: not-affected (1:1.9-2)