Advisories ยป MGASA-2018-0043

Updated libextractor packages fix security vulnerability

Publication date: 03 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-17440

Description

GNU Libextractor 1.6 allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via a crafted GIF, IT
(Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended
Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function
in plugins/xm_extractor.c (CVE-2017-17440).
                

References

SRPMS

5/core

6/core