Bug 635362 (CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601, CVE-2017-15602, CVE-2017-15922) - <media-libs/libextractor-1.6: Multiple vulnerabilities
Summary: <media-libs/libextractor-1.6: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601, CVE-2017-15602, CVE-2017-15922
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-24 20:41 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2018-03-13 17:59 UTC

See Also:
Package list:
media-libs/libextractor-1.6
Runtime testing required: ---
stable-bot: sanity-check+


Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-24 20:41:07 UTC
CVE-2017-15602

In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.

CVE-2017-15601

In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.

CVE-2017-15600 

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.


CVE-2017-15267

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.


CVE-2017-15266 

In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-27 01:13:45 UTC
Adding 

CVE-2017-15922 

In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
Comment 2 Larry the Git Cow gentoo-dev 2017-12-25 13:53:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6859a8b699efc9cd61a9eede139220391494d14b

commit 6859a8b699efc9cd61a9eede139220391494d14b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2017-12-25 12:47:15 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2017-12-25 13:53:02 +0000

    media-libs/libextractor: Patch CVE-2017-17440
    
    Bug: https://bugs.gentoo.org/635362
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 .../files/libextractor-1.6-CVE-2017-17440.patch    | 125 +++++++++++++++++++++
 media-libs/libextractor/libextractor-1.6.ebuild    |   2 +
 2 files changed, 127 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2166ff20af181bdecf4d315d69645e544b0a0033

commit 2166ff20af181bdecf4d315d69645e544b0a0033
Author:     Bob Brooks <gitbugged@cool.fr.nf>
AuthorDate: 2017-10-25 19:46:07 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2017-12-25 13:52:59 +0000

    media-libs/libextractor: version bump to 1.6
    
    Bug: https://bugs.gentoo.org/635362
    Closes: https://github.com/gentoo/gentoo/pull/6055
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 media-libs/libextractor/Manifest                |   1 +
 media-libs/libextractor/libextractor-1.6.ebuild | 110 ++++++++++++++++++++++++
 2 files changed, 111 insertions(+)
Comment 3 Agostino Sarubbo gentoo-dev 2018-02-09 08:39:56 UTC
amd64 stable
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-02-10 00:33:32 UTC
x86 stable
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-06 08:00:20 UTC
ppc stable
Comment 6 Matt Turner gentoo-dev 2018-03-12 01:53:12 UTC
ppc64 done. last arch done
Comment 7 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-03-12 17:52:32 UTC
@Maintainer please clean vulnerable versions.

GLSA Vote: No.
Comment 8 Larry the Git Cow gentoo-dev 2018-03-13 09:33:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68077e8e919bc50122949f64759be12376fb4b68

commit 68077e8e919bc50122949f64759be12376fb4b68
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-03-12 18:07:38 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-03-13 09:33:25 +0000

    media-libs/libextractor: Non-maintainer security cleanup
    
    Bug: https://bugs.gentoo.org/635362
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 media-libs/libextractor/Manifest                   |   1 -
 .../files/libextractor-1.3-exiv2-0.26.patch        |  27 -----
 .../files/libextractor-1.3-ffmpeg-2.9.patch        |  52 ---------
 .../files/libextractor-1.3-giflib-5.patch          |  37 -------
 media-libs/libextractor/libextractor-1.3-r1.ebuild | 117 ---------------------
 5 files changed, 234 deletions(-)