GNU Libextractor Multiple Security Vulnerabilities

GNU Libextractor is prone to multiple security vulnerabilities.

1. A remote denial-of-service vulnerability
2. An out-of-bounds read access vulnerability

Attackers can exploit these issues to crash the application, denying service to legitimate users, or to disclose sensitive information that may aid in further attacks.


Bugtraq ID: 106300
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2018-20430

Remote: Yes
Local: No
Published: Dec 24 2018 12:00AM
Updated: Dec 24 2018 12:00AM
Credit: Jin
Vulnerable: GNU libextractor 1.8
GNU libextractor 1.7
GNU libextractor 1.6
GNU libextractor 1.4

Not Vulnerable:


The researcher who discovered these issues has created a proof-of-concept. Please see the references for more information.
