Debian Security Advisory
DSA-4290-1 libextractor -- security update
- Date Reported:
- 10 Sep 2018
- Affected Packages:
- libextractor
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 904903, Bug 904905, Bug 907987.
In Mitre's CVE dictionary: CVE-2018-14346, CVE-2018-14347, CVE-2018-16430. - More information:
-
Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.
For the stable distribution (stretch), these problems have been fixed in version 1:1.3-4+deb9u2.
We recommend that you upgrade your libextractor packages.
For the detailed security status of libextractor please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libextractor