GNU Libextractor do 1.9 plugins/dvi_extractor.c EXTRACTOR_dvi_extract_method information disclosure

WpisedytowaćHistoryDiffjsonxmlCTI

Podatność, która została odkryta w GNU Libextractor do 1.9. Podatnością dotknięta jest funkcja EXTRACTOR_dvi_extract_method w pliku plugins/dvi_extractor.c. Nie są znane żadne środki zaradcze. Sugerowana jest zamiana podatnego komponentu na produkt alternatywny.

Pole2019-08-24 11:062020-08-04 16:55
vendorGNUGNU
nameLibextractorLibextractor
version<=1.9<=1.9
fileplugins/dvi_extractor.cplugins/dvi_extractor.c
functionEXTRACTOR_dvi_extract_methodEXTRACTOR_dvi_extract_method
cwe125 (ujawnienie informacji)125 (ujawnienie informacji)
risk22
cvss2_vuldb_basescore6.86.8
cvss2_vuldb_tempscore6.86.8
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_nvd_avNN
cvss2_nvd_acMM
cvss2_nvd_auNN
cvss2_nvd_ciNN
cvss2_nvd_iiNN
cvss2_nvd_aiPP
cvss3_meta_basescore6.46.4
cvss3_meta_tempscore6.46.4
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore6.36.3
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiRR
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iNN
cvss3_nvd_aHH
date1566518400 (2019-08-23)1566518400 (2019-08-23)
price_0day$0-$5k$0-$5k
cveCVE-2019-15531CVE-2019-15531
cve_assigned15665184001566518400
cve_nvd_summaryGNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
cvss3_nvd_basescore6.56.5
urlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/

Do you want to use VulDB in your project?

Use the official API to access entries easily!