Search for packages
| purl | pkg:deb/debian/libextractor@0.4.2-2sarge6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2vyx-n8nh-cfb5
Aliases: CVE-2006-0301 |
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. |
Affected by 14 other vulnerabilities. |
|
VCID-363x-zguh-17eu
Aliases: CVE-2007-4352 |
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. |
Affected by 14 other vulnerabilities. |
|
VCID-3ebb-8uv9-k7cy
Aliases: CVE-2005-3627 |
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo. |
Affected by 14 other vulnerabilities. |
|
VCID-6bqc-un4n-nke9
Aliases: CVE-2017-15266 |
In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. |
Affected by 1 other vulnerability. |
|
VCID-726e-sk63-kqa8
Aliases: CVE-2007-5392 |
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. |
Affected by 14 other vulnerabilities. |
|
VCID-7t2c-2xj8-67h6
Aliases: CVE-2017-15601 |
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. |
Affected by 1 other vulnerability. |
|
VCID-89y8-7sd2-xfg2
Aliases: CVE-2007-3387 |
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. |
Affected by 14 other vulnerabilities. |
|
VCID-8s9k-3wqb-pkaw
Aliases: CVE-2005-3193 |
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. |
Affected by 14 other vulnerabilities. |
|
VCID-crrp-38db-67ez
Aliases: CVE-2009-3736 |
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. |
Affected by 13 other vulnerabilities. |
|
VCID-cszh-vnya-aue1
Aliases: CVE-2018-14347 |
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). |
Affected by 13 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-dedj-eeh3-u3gn
Aliases: CVE-2005-3628 |
Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors. |
Affected by 14 other vulnerabilities. |
|
VCID-e7d8-z99q-jkem
Aliases: CVE-2017-17440 |
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c. |
Affected by 1 other vulnerability. |
|
VCID-evt3-ts2m-qqba
Aliases: CVE-2018-14346 |
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). |
Affected by 13 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-f8ue-ced9-qqfn
Aliases: CVE-2005-3191 |
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. |
Affected by 14 other vulnerabilities. |
|
VCID-hdqp-eegr-fbem
Aliases: CVE-2017-15600 |
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. |
Affected by 1 other vulnerability. |
|
VCID-hjun-jyuh-mffc
Aliases: CVE-2019-15531 |
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. |
Affected by 0 other vulnerabilities. |
|
VCID-jv2c-1g6v-6kec
Aliases: CVE-2006-2458 GHSA-f836-7jqw-3684 PYSEC-2006-4 |
Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c). |
Affected by 14 other vulnerabilities. |
|
VCID-k239-68wu-1bgp
Aliases: CVE-2017-15922 |
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c. |
Affected by 1 other vulnerability. |
|
VCID-mn31-8fw8-fbby
Aliases: CVE-2005-3624 |
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
Affected by 14 other vulnerabilities. |
|
VCID-nw43-g144-hkff
Aliases: CVE-2005-3626 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
Affected by 14 other vulnerabilities. |
|
VCID-sqaa-y9vd-2qb3
Aliases: CVE-2018-20431 |
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. |
Affected by 13 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-ucw2-n999-nyh6
Aliases: CVE-2005-3625 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
Affected by 14 other vulnerabilities. |
|
VCID-veaw-x8sv-qycw
Aliases: CVE-2007-5393 |
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. |
Affected by 14 other vulnerabilities. |
|
VCID-vejq-m5jb-3yhv
Aliases: CVE-2017-15602 |
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size. |
Affected by 1 other vulnerability. |
|
VCID-x23f-11aw-nkf7
Aliases: CVE-2005-3192 |
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. |
Affected by 14 other vulnerabilities. |
|
VCID-x8vx-wm5e-dfhn
Aliases: CVE-2017-15267 |
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. |
Affected by 1 other vulnerability. |
|
VCID-xs1a-pwpg-tuey
Aliases: CVE-2005-2097 |
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information. |
Affected by 14 other vulnerabilities. |
|
VCID-y4xg-2byu-7kcu
Aliases: CVE-2018-20430 |
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. |
Affected by 13 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-ze5d-xgap-3bgk
Aliases: CVE-2018-16430 |
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. |
Affected by 13 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||