header-logo
Suggest Exploit
vendor:
libextractor
by:
Luigi Auriemma
9,3
CVSS
HIGH
Heap Overflow
119
CWE
Product Name: libextractor
Affected Version From: 0.5.13
Affected Version To: 0.5.13
Patch Exists: YES
Related CWE: CVE-2006-2448
CPE: a:gnu:libextractor:0.5.13
Metasploit: https://www.rapid7.com/db/vulnerabilities/suse-cve-2006-2448/https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2006-0575/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2006-0575/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2006

libextractor <= 0.5.13 Multiple Heap Overflow PoC Exploits

libextractor is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform boundary checks on user-supplied data. An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Mitigation:

Upgrade to version 0.5.14 or later.
Source

Exploit-DB raw data:

# libextractor <= 0.5.13 Multiple Heap Overflow PoC Exploits

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/1801.zip   (05172006-libextho.zip)

# milw0rm.com [2006-05-17]

Navigation

Suggest Exploit

Services By CQR