PYSEC-2006-4

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/extractor/PYSEC-2006-4.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2006-4

Aliases

CVE-2006-2458
GHSA-f836-7jqw-3684

Published

2006-05-18T23:02:00Z

Modified

2024-11-25T22:42:15.953699Z

Summary

[none]

Details

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asfreadheader function in the ASF plugin (plugins/asfextractor.c), and (2) the parsetrakatom function in the QT plugin (plugins/qtextractor.c).

References

http://www.securityfocus.com/bid/18021
http://securitytracker.com/id?1016118
http://secunia.com/advisories/20150
http://gnunet.org/libextractor/
http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml
http://secunia.com/advisories/20160
http://www.debian.org/security/2006/dsa-1081
http://secunia.com/advisories/20326
http://www.novell.com/linux/security/advisories/2006-06-02.html
http://secunia.com/advisories/20457
http://securityreason.com/securityalert/916
http://www.vupen.com/english/advisories/2006/1848
https://exchange.xforce.ibmcloud.com/vulnerabilities/26532
https://exchange.xforce.ibmcloud.com/vulnerabilities/26531
http://www.securityfocus.com/archive/1/434288/100/0/threaded

Affected packages

PyPI / extractor

Package

Name: extractor; View open source insights on deps.dev
Purl: pkg:pypi/extractor

Affected ranges

Affected versions

0.*

0.5

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/extractor/PYSEC-2006-4.yaml"