Updated libextractor packages fix security vulnerability
Publication date: 03 Jan 2018Modification date: 03 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-17440
Description
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c (CVE-2017-17440).
References
SRPMS
5/core
- libextractor-1.6-1.1.mga5
6/core
- libextractor-1.6-1.1.mga6