{"id":"USN-4641-1","summary":"libextractor vulnerabilities","details":"It was discovered that Libextractor incorrectly handled zero sample rate.\nAn attacker could possibly use this issue to cause a denial of service.\n(CVE-2017-15266)\n\nIt was discovered that Libextractor incorrectly handled certain FLAC\nmetadata. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2017-15267)\n\nIt was discovered that Libextractor incorrectly handled certain specially\ncrafted files. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430)\n\nIt was discovered that Libextractor incorrectly handled certain inputs. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2017-15601)\n\nIt was discovered that Libextractor incorrectly handled integers. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2017-15602)\n\nIt was discovered that Libextractore incorrectly handled certain crafted\nfiles. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2017-15922)\n\nIt was discovered tha Libextractor incorrectly handled certain files. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2017-17440)\n\nIt was discovered that Libextractor incorrectly handled certain malformed\nfiles. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2018-14346)\n\nIt was discovered that Libextractor incorrectly handled malformed files. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2018-14347)\n\nIt was discovered that Libextractor incorrectly handled metadata. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2018-20431)\n","modified":"2026-02-10T04:41:59Z","published":"2020-11-23T18:02:19Z","related":["UBUNTU-CVE-2017-15266","UBUNTU-CVE-2017-15267","UBUNTU-CVE-2017-15600","UBUNTU-CVE-2017-15601","UBUNTU-CVE-2017-15602","UBUNTU-CVE-2017-15922","UBUNTU-CVE-2017-17440","UBUNTU-CVE-2018-14346","UBUNTU-CVE-2018-14347","UBUNTU-CVE-2018-16430","UBUNTU-CVE-2018-20430","UBUNTU-CVE-2018-20431"],"upstream":["CVE-2017-15266","CVE-2017-15267","CVE-2017-15600","CVE-2017-15601","CVE-2017-15602","CVE-2017-15922","CVE-2017-17440","CVE-2018-14346","CVE-2018-14347","CVE-2018-16430","CVE-2018-20430","CVE-2018-20431","UBUNTU-CVE-2017-15266","UBUNTU-CVE-2017-15267","UBUNTU-CVE-2017-15600","UBUNTU-CVE-2017-15601","UBUNTU-CVE-2017-15602","UBUNTU-CVE-2017-15922","UBUNTU-CVE-2017-17440","UBUNTU-CVE-2018-14346","UBUNTU-CVE-2018-14347","UBUNTU-CVE-2018-16430","UBUNTU-CVE-2018-20430","UBUNTU-CVE-2018-20431"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4641-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15266"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15267"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15600"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15601"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15602"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15922"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-17440"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14346"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14347"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-16430"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20430"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20431"}],"affected":[{"package":{"name":"libextractor","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/libextractor@1:1.3-4+deb9u3build0.16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.3-4+deb9u3build0.16.04.1"}]}],"versions":["1:1.3-2build1","1:1.3-2ubuntu1","1:1.3-3"],"ecosystem_specific":{"binaries":[{"binary_version":"1:1.3-4+deb9u3build0.16.04.1","binary_name":"extract"},{"binary_version":"1:1.3-4+deb9u3build0.16.04.1","binary_name":"libextractor-dev"},{"binary_version":"1:1.3-4+deb9u3build0.16.04.1","binary_name":"libextractor3"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4641-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-15266"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-15267"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-15600"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-15601"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2017-15602"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2017-15922"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-17440"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-14346"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-14347"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-16430"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-20430"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-20431"}]}}}],"schema_version":"1.7.3"}