CVE-2017-17440

Current Description

GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.

Basic Data

Published: December 06, 2017
Last Modified: December 22, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-476
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 3 - Attack Vector: NETWORK
CVSS 3 - Attack Complexity: LOW
CVSS 3 - Privileges Required: NONE
CVSS 3 - User Interaction: REQUIRED
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: NONE
CVSS 3 - Integrity Impact: NONE
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 6.5
CVSS 3 - Base Severity: MEDIUM
Exploitability Score: 2.8
Base Severity: MEDIUM

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Gnu
    Product: Libextractor
    Version: 1.6
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including: (empty)
    Version End Including: (empty)
    Version Start Excluding: (empty)
    Version End Excluding: (empty)

Vulnerable Software List

Vendor: Gnu
Product: Libextractor
Versions: 1.6

References

  • Name: 102116
    Source: BID
    URL: http://www.securityfocus.com/bid/102116
    Tags: Third Party Advisory, VDB Entry
  • Name: https://bugs.debian.org/883528#35
    Source: MISC
    URL: https://bugs.debian.org/883528#35
    Tags: Exploit, Third Party Advisory
  • Name: https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
    Source: MISC
    URL: https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
    Tags: Patch, Third Party Advisory
  • Name: https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html
    Source: MISC
    URL: https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html
    Tags: Exploit, Third Party Advisory
  • Name: https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html
    Source: MISC
    URL: https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html
    Tags: Exploit, Third Party Advisory
  • Name: https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html
    Source: MISC
    URL: https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html
    Tags: Exploit, Third Party Advisory
  • Name: https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html
    Source: MISC
    URL: https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html
    Tags: Exploit, Third Party Advisory
  • Name: https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html
    Source: MISC
    URL: https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html
    Tags: Issue Tracking