Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-2458

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).

Related bugs and status

CVE-2006-2458 (Candidate) is related to these bugs:

Bug #47255: Please sync libextractor (universe) from unstable

Summary				In	Importance	Status
	47255	Please sync libextractor (universe) from unstable		libextractor (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://gnunet.org/libe...
BID: 18021
SECTRACK: 1016118
SECUNIA: 20150
GENTOO: GLSA-200605-14
SECUNIA: 20160
DEBIAN: DSA-1081
SECUNIA: 20326
SUSE: SUSE-SR:2006:012
SECUNIA: 20457
SREASON: 916
VUPEN: ADV-2006-1848
XF: libextractor-asfextrac...
XF: libextractor-qtextract...
BUGTRAQ: 20060517 Two heap over...