Bug 635362 (CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601, CVE-2017-15602, CVE-2017-15922)

Summary:	<media-libs/libextractor-1.6: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Christopher Díaz Riveros (RETIRED) <chrisadr>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	asturm
Priority:	Normal	Flags:	stable-bot: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [noglsa cve]
Package list:	media-libs/libextractor-1.6	Runtime testing required:	---

Description Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-10-24 20:41:07 UTC

CVE-2017-15602

In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.

CVE-2017-15601

In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.

CVE-2017-15600 

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.


CVE-2017-15267

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.


CVE-2017-15266 

In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-10-27 01:13:45 UTC

Adding 

CVE-2017-15922 

In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.

Comment 2 Larry the Git Cow gentoo-dev

2017-12-25 13:53:18 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6859a8b699efc9cd61a9eede139220391494d14b

commit 6859a8b699efc9cd61a9eede139220391494d14b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2017-12-25 12:47:15 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2017-12-25 13:53:02 +0000

    media-libs/libextractor: Patch CVE-2017-17440
    
    Bug: https://bugs.gentoo.org/635362
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 .../files/libextractor-1.6-CVE-2017-17440.patch    | 125 +++++++++++++++++++++
 media-libs/libextractor/libextractor-1.6.ebuild    |   2 +
 2 files changed, 127 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2166ff20af181bdecf4d315d69645e544b0a0033

commit 2166ff20af181bdecf4d315d69645e544b0a0033
Author:     Bob Brooks <gitbugged@cool.fr.nf>
AuthorDate: 2017-10-25 19:46:07 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2017-12-25 13:52:59 +0000

    media-libs/libextractor: version bump to 1.6
    
    Bug: https://bugs.gentoo.org/635362
    Closes: https://github.com/gentoo/gentoo/pull/6055
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 media-libs/libextractor/Manifest                |   1 +
 media-libs/libextractor/libextractor-1.6.ebuild | 110 ++++++++++++++++++++++++
 2 files changed, 111 insertions(+)}

Comment 3 Agostino Sarubbo gentoo-dev

2018-02-09 08:39:56 UTC

amd64 stable

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2018-02-10 00:33:32 UTC

x86 stable

Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev

2018-03-06 08:00:20 UTC

ppc stable

Comment 6 Matt Turner gentoo-dev

2018-03-12 01:53:12 UTC

ppc64 done. last arch done

Comment 7 Christopher Díaz Riveros (RETIRED) gentoo-dev

2018-03-12 17:52:32 UTC

@Maintainer please clean vulnerable versions.

GLSA Vote: No.

Comment 8 Larry the Git Cow gentoo-dev

2018-03-13 09:33:53 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68077e8e919bc50122949f64759be12376fb4b68

commit 68077e8e919bc50122949f64759be12376fb4b68
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-03-12 18:07:38 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-03-13 09:33:25 +0000

    media-libs/libextractor: Non-maintainer security cleanup
    
    Bug: https://bugs.gentoo.org/635362
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 media-libs/libextractor/Manifest                   |   1 -
 .../files/libextractor-1.3-exiv2-0.26.patch        |  27 -----
 .../files/libextractor-1.3-ffmpeg-2.9.patch        |  52 ---------
 .../files/libextractor-1.3-giflib-5.patch          |  37 -------
 media-libs/libextractor/libextractor-1.3-r1.ebuild | 117 ---------------------
 5 files changed, 234 deletions(-)}