CVE-2006-2458: Libextractor multiple heap-based buffer overflows

May 1, 2022 (updated November 22, 2024)

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).

References

exchange.xforce.ibmcloud.com/vulnerabilities/26531
exchange.xforce.ibmcloud.com/vulnerabilities/26532
github.com/advisories/GHSA-f836-7jqw-3684
github.com/pypa/advisory-database/tree/main/vulns/extractor/PYSEC-2006-4.yaml
nvd.nist.gov/vuln/detail/CVE-2006-2458

Detect and mitigate CVE-2006-2458 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →