USN-4641-1: libextractor vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4641-1
November 23, 2020
libextractor vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in libextractor.
Software Description:
- libextractor: library used to extract metadata from files
Details:
It was discovered that Libextractor incorrectly handled zero sample rate.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15266)
It was discovered that Libextractor incorrectly handled certain FLAC
metadata. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15267)
It was discovered that Libextractor incorrectly handled certain specially
crafted files. An attacker could possibly use this issue to cause a denial
of service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430)
It was discovered that Libextractor incorrectly handled certain inputs. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15601)
It was discovered that Libextractor incorrectly handled integers. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15602)
It was discovered that Libextractore incorrectly handled certain crafted
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15922)
It was discovered tha Libextractor incorrectly handled certain files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-17440)
It was discovered that Libextractor incorrectly handled certain malformed
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2018-14346)
It was discovered that Libextractor incorrectly handled malformed files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14347)
It was discovered that Libextractor incorrectly handled metadata. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-20431)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
extract 1:1.3-4+deb9u3build0.16.04.1
libextractor-dev 1:1.3-4+deb9u3build0.16.04.1
libextractor3 1:1.3-4+deb9u3build0.16.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4641-1
CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601,
CVE-2017-15602, CVE-2017-15922, CVE-2017-17440, CVE-2018-14346,
CVE-2018-14347, CVE-2018-16430, CVE-2018-20430, CVE-2018-20431
Package Information:
https://launchpad.net/ubuntu/+source/libextractor/1:1.3-4+deb9u3build0.16.04.1
A libextractor security update has been released for Ubuntu 16.04 LTS.
