[Secure-testing-team] Bug#878314: libextractor: CVE-2017-15266 CVE-2017-15267
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 12 17:17:33 UTC 2017
Source: libextractor
Version: 1:1.3-2
Severity: important
Tags: patch security upstream
Hi,
the following vulnerabilities were published for libextractor.
CVE-2017-15266[0]:
| In GNU Libextractor 1.4, there is a Divide-By-Zero in
| EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.
CVE-2017-15267[1]:
| In GNU Libextractor 1.4, there is a NULL Pointer Dereference in
| flac_metadata in flac_extractor.c.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-15266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15266
[1] https://security-tracker.debian.org/tracker/CVE-2017-15267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15267
The security-tracker entries contain link to the respective commits as
well.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list