CVE-2006-2458

Libextractor - Buffer Overflow

Title source: rule

Description

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · textdosmultiple

https://www.exploit-db.com/exploits/1801

View Code ZIP pw:eip

References (15)

[Various Sources] http://gnunet.org/libextractor/

[Patch, Vendor Advisory] http://secunia.com/advisories/20150

[Exploit, Patch] http://securitytracker.com/id?1016118

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/434288/100/0/threaded

[Exploit, Patch] http://www.securityfocus.com/bid/18021

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26531

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26532

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2006-06-02.html

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1081

[Third Party Advisory] http://secunia.com/advisories/20160

[Third Party Advisory] http://secunia.com/advisories/20326

[Third Party Advisory] http://secunia.com/advisories/20457

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/1848

[Third Party Advisory] http://securityreason.com/securityalert/916

Scores

EPSS 0.1911

EPSS Percentile 95.4%

Details

Status published

Products (2)

libextractor/libextractor 0.5.13

pypi/extractor PyPI

Published May 18, 2006

Tracked Since Feb 18, 2026