VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-4y2m-esy9-4fe9

Essentials
Severities (22)
References (22)
Severity details (8)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-4y2m-esy9-4fe9
Aliases	CVE-2006-2458 GHSA-f836-7jqw-3684 PYSEC-2006-4
Summary	Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
Status	Published
Exploitability	2.0
Weighted Severity	6.2
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://gnunet.org/libextractor
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss	0.19115	https://api.first.org/data/v1/epss?cve=CVE-2006-2458
generic_textual	MODERATE	https://exchange.xforce.ibmcloud.com/vulnerabilities/26531
generic_textual	MODERATE	https://exchange.xforce.ibmcloud.com/vulnerabilities/26532
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-f836-7jqw-3684
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/extractor/PYSEC-2006-4.yaml
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2006-2458
generic_textual	MODERATE	http://www.debian.org/security/2006/dsa-1081
generic_textual	MODERATE	http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml

Reference id	Reference type	URL
		http://gnunet.org/libextractor
		http://gnunet.org/libextractor/
		https://api.first.org/data/v1/epss?cve=CVE-2006-2458
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2458
		http://secunia.com/advisories/20150
		http://secunia.com/advisories/20160
		http://secunia.com/advisories/20326
		http://secunia.com/advisories/20457
		http://securityreason.com/securityalert/916
		http://securitytracker.com/id?1016118
		https://exchange.xforce.ibmcloud.com/vulnerabilities/26531
		https://exchange.xforce.ibmcloud.com/vulnerabilities/26532
		https://github.com/pypa/advisory-database/tree/main/vulns/extractor/PYSEC-2006-4.yaml
		https://nvd.nist.gov/vuln/detail/CVE-2006-2458
		http://www.debian.org/security/2006/dsa-1081
		http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml
		http://www.novell.com/linux/security/advisories/2006-06-02.html
		http://www.securityfocus.com/archive/1/434288/100/0/threaded
		http://www.securityfocus.com/bid/18021
		http://www.vupen.com/english/advisories/2006/1848
GHSA-f836-7jqw-3684		https://github.com/advisories/GHSA-f836-7jqw-3684
OSVDB-25664;CVE-2006-2458;OSVDB-25663	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/1801.txt

Data source	Exploit-DB
Date added	May 16, 2006
Description	libextractor 0.5.13 - Multiple Heap Overflows (PoC)
Ransomware campaign use	Known
Source publication date	May 17, 2006
Exploit type	dos
Platform	multiple
Source update date	July 29, 2016

Exploit Prediction Scoring System (EPSS)

Percentile	0.95083
EPSS Score	0.19115
Published At	Aug. 12, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:04:31.150331+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/extractor/PYSEC-2006-4.yaml	37.0.0