CVE-2006-2458

Description

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).

How to fix CVE-2006-2458

To remediate CVE-2006-2458, upgrade the affected package to a fixed version below.

• Debian/libextractor—upgrade to 0.5.14-1 or later
• Debian/libextractor—upgrade to 0.4.2-2sarge5 or later
• PyPI/extractor—no fix listed
• —no fix listed

Is CVE-2006-2458 being exploited?

Moderate — EPSS is 31.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (4)

• from 0, < 0.5.14-1
• from 0, < 0.4.2-2sarge5

References (19)

• ADVISORYsecunia.com/advisories/20150
• ADVISORYsecunia.com/advisories/20160
• ADVISORYsecunia.com/advisories/20326
• ADVISORYsecunia.com/advisories/20457
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2006-2458