{"id":"USN-4641-1","summary":"libextractor vulnerabilities","details":"It was discovered that Libextractor incorrectly handled zero sample rate.\nAn attacker could possibly use this issue to cause a denial of service.\n(CVE-2017-15266)\n\nIt was discovered that Libextractor incorrectly handled certain FLAC\nmetadata. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2017-15267)\n\nIt was discovered that Libextractor incorrectly handled certain specially\ncrafted files. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430)\n\nIt was discovered that Libextractor incorrectly handled certain inputs. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2017-15601)\n\nIt was discovered that Libextractor incorrectly handled integers. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2017-15602)\n\nIt was discovered that Libextractore incorrectly handled certain crafted\nfiles. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2017-15922)\n\nIt was discovered tha Libextractor incorrectly handled certain files. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2017-17440)\n\nIt was discovered that Libextractor incorrectly handled certain malformed\nfiles. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2018-14346)\n\nIt was discovered that Libextractor incorrectly handled malformed files. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2018-14347)\n\nIt was discovered that Libextractor incorrectly handled metadata. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2018-20431)\n","modified":"2026-02-10T04:41:59Z","published":"2020-11-23T18:02:19Z","related":["UBUNTU-CVE-2017-15266","UBUNTU-CVE-2017-15267","UBUNTU-CVE-2017-15600","UBUNTU-CVE-2017-15601","UBUNTU-CVE-2017-15602","UBUNTU-CVE-2017-15922","UBUNTU-CVE-2017-17440","UBUNTU-CVE-2018-14346","UBUNTU-CVE-2018-14347","UBUNTU-CVE-2018-16430","UBUNTU-CVE-2018-20430","UBUNTU-CVE-2018-20431"],"upstream":["CVE-2017-15266","CVE-2017-15267","CVE-2017-15600","CVE-2017-15601","CVE-2017-15602","CVE-2017-15922","CVE-2017-17440","CVE-2018-14346","CVE-2018-14347","CVE-2018-16430","CVE-2018-20430","CVE-2018-20431","UBUNTU-CVE-2017-15266","UBUNTU-CVE-2017-15267","UBUNTU-CVE-2017-15600","UBUNTU-CVE-2017-15601","UBUNTU-CVE-2017-15602","UBUNTU-CVE-2017-15922","UBUNTU-CVE-2017-17440","UBUNTU-CVE-2018-14346","UBUNTU-CVE-2018-14347","UBUNTU-CVE-2018-16430","UBUNTU-CVE-2018-20430","UBUNTU-CVE-2018-20431"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4641-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15266"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15267"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15600"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15601"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15602"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15922"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-17440"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14346"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14347"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-16430"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20430"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20431"}],"affected":[{"package":{"name":"libextractor","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/libextractor@1:1.3-4+deb9u3build0.16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.3-4+deb9u3build0.16.04.1"}]}],"versions":["1:1.3-2build1","1:1.3-2ubuntu1","1:1.3-3"],"ecosystem_specific":{"binaries":[{"binary_version":"1:1.3-4+deb9u3build0.16.04.1","binary_name":"extract"},{"binary_version":"1:1.3-4+deb9u3build0.16.04.1","binary_name":"libextractor-dev"},{"binary_version":"1:1.3-4+deb9u3build0.16.04.1","binary_name":"libextractor3"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2017-15266","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-15267","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-15600","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-15601","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-15602","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-15922","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-17440","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-14346","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-14347","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-16430","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-20430","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-20431","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4641-1.json"}}],"schema_version":"1.7.3"}