Advisories ยป MGASA-2017-0413

Updated libextractor packages fix security vulnerabilities

Publication date: 19 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-15266 , CVE-2017-15267

Description

In 'EXTRACTOR_wav_extract_method' function of wav_extractor.c, the
program does not check the value of sample_rate, with a crafted file,
the sample_rate can be set to zero, resulting in a divide by zero and a
crash (CVE-2017-15266).

NULL Pointer Dereference vulneribility in libextract when getting flac
meta from libFlac (CVE-2017-15267).

NULL Pointer Dereference vulneribility in libextractor
EXTRACTOR_nsf_extract_method() (rhbz#1501695).
                

References

SRPMS

6/core

5/core