635362 – (CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601, CVE-2017-15602, CVE-2017-15922) <media-libs/libextractor-1.6: Multiple vulnerabilities

Bug 635362 (CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601, CVE-2017-15602, CVE-2017-15922) - <media-libs/libextractor-1.6: Multiple vulnerabilities

Summary: <media-libs/libextractor-1.6: Multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601, CVE-2017-15602, CVE-2017-15922

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-10-24 20:41 UTC by Christopher Díaz Riveros (RETIRED)
Modified:	2018-03-13 17:59 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	media-libs/libextractor-1.6
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-10-24 20:41:07 UTC

CVE-2017-15602

In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.

CVE-2017-15601

In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.

CVE-2017-15600 

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.


CVE-2017-15267

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.


CVE-2017-15266 

In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-10-27 01:13:45 UTC

Adding 

CVE-2017-15922 

In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.

Comment 2 Larry the Git Cow gentoo-dev

2017-12-25 13:53:18 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6859a8b699efc9cd61a9eede139220391494d14b

commit 6859a8b699efc9cd61a9eede139220391494d14b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2017-12-25 12:47:15 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2017-12-25 13:53:02 +0000

    media-libs/libextractor: Patch CVE-2017-17440
    
    Bug: https://bugs.gentoo.org/635362
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 .../files/libextractor-1.6-CVE-2017-17440.patch    | 125 +++++++++++++++++++++
 media-libs/libextractor/libextractor-1.6.ebuild    |   2 +
 2 files changed, 127 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2166ff20af181bdecf4d315d69645e544b0a0033

commit 2166ff20af181bdecf4d315d69645e544b0a0033
Author:     Bob Brooks <gitbugged@cool.fr.nf>
AuthorDate: 2017-10-25 19:46:07 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2017-12-25 13:52:59 +0000

    media-libs/libextractor: version bump to 1.6
    
    Bug: https://bugs.gentoo.org/635362
    Closes: https://github.com/gentoo/gentoo/pull/6055
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 media-libs/libextractor/Manifest                |   1 +
 media-libs/libextractor/libextractor-1.6.ebuild | 110 ++++++++++++++++++++++++
 2 files changed, 111 insertions(+)}

Comment 3 Agostino Sarubbo gentoo-dev

2018-02-09 08:39:56 UTC

amd64 stable

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2018-02-10 00:33:32 UTC

x86 stable

Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev

2018-03-06 08:00:20 UTC

ppc stable

Comment 6 Matt Turner gentoo-dev

2018-03-12 01:53:12 UTC

ppc64 done. last arch done

Comment 7 Christopher Díaz Riveros (RETIRED) gentoo-dev

2018-03-12 17:52:32 UTC

@Maintainer please clean vulnerable versions.

GLSA Vote: No.

Comment 8 Larry the Git Cow gentoo-dev

2018-03-13 09:33:53 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68077e8e919bc50122949f64759be12376fb4b68

commit 68077e8e919bc50122949f64759be12376fb4b68
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-03-12 18:07:38 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-03-13 09:33:25 +0000

    media-libs/libextractor: Non-maintainer security cleanup
    
    Bug: https://bugs.gentoo.org/635362
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 media-libs/libextractor/Manifest                   |   1 -
 .../files/libextractor-1.3-exiv2-0.26.patch        |  27 -----
 .../files/libextractor-1.3-ffmpeg-2.9.patch        |  52 ---------
 .../files/libextractor-1.3-giflib-5.patch          |  37 -------
 media-libs/libextractor/libextractor-1.3-r1.ebuild | 117 ---------------------
 5 files changed, 234 deletions(-)}