PublicDateAtUSN: 2017-12-06 17:29:00 UTC Candidate: CVE-2017-17440 PublicDate: 2017-12-06 17:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17440 https://bugs.debian.org/883528#35 https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html https://ubuntu.com/security/notices/USN-4641-1 Description: GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c. Ubuntu-Description: It was discovered tha Libextractor incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Notes: Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883528 Priority: medium Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM] Patches_libextractor: other: https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e upstream_libextractor: released (1:1.3-2+deb8u1, 1:1.3-4+deb9u1, 1:1.6-2) precise/esm_libextractor: DNE trusty_libextractor: ignored (reached end-of-life) trusty/esm_libextractor: DNE (trusty was needed) xenial_libextractor: released (1:1.3-4+deb9u3build0.16.04.1) zesty_libextractor: ignored (reached end-of-life) artful_libextractor: ignored (reached end-of-life) bionic_libextractor: not-affected (1:1.6-2) cosmic_libextractor: not-affected (1:1.6-2) disco_libextractor: not-affected (1:1.6-2) eoan_libextractor: not-affected (1:1.6-2) focal_libextractor: not-affected (1:1.6-2) groovy_libextractor: not-affected (1:1.6-2) devel_libextractor: not-affected (1:1.6-2)