Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2458

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2006-2458
Last Modified 07 Mar 2011 09:36:14
Published 18 May 2006 07:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2458

Summary

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).

Vulnerable Systems

Application

  • Libextractor 0.5.13


References

BID - 18021

BUGTRAQ - 20060517 Two heap overflow in libextractor 0.5.13 (rev 2832)

SECTRACK - 1016118

SECUNIA - 20150

VUPEN - ADV-2006-1848

XF - libextractor-qtextractor-bo(26532)

XF - libextractor-asfextractor-bo(26531)

SUSE - SUSE-SR:2006:012

GENTOO - GLSA-200605-14

DEBIAN - DSA-1081

SREASON - 916

SECUNIA - 20457

SECUNIA - 20326

SECUNIA - 20160

CONFIRM - http://gnunet.org/libextractor/


Last Updated: 27 May 2016 10:42:28