Search for vulnerabilities
Vulnerability details: VCID-4y2m-esy9-4fe9
Vulnerability ID VCID-4y2m-esy9-4fe9
Aliases CVE-2006-2458
GHSA-f836-7jqw-3684
PYSEC-2006-4
Summary Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://gnunet.org/libextractor
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/26531
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/26532
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-f836-7jqw-3684
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/extractor/PYSEC-2006-4.yaml
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2006-2458
generic_textual MODERATE http://www.debian.org/security/2006/dsa-1081
generic_textual MODERATE http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml
Reference id Reference type URL
http://gnunet.org/libextractor
http://gnunet.org/libextractor/
https://api.first.org/data/v1/epss?cve=CVE-2006-2458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2458
http://secunia.com/advisories/20150
http://secunia.com/advisories/20160
http://secunia.com/advisories/20326
http://secunia.com/advisories/20457
http://securityreason.com/securityalert/916
http://securitytracker.com/id?1016118
https://exchange.xforce.ibmcloud.com/vulnerabilities/26531
https://exchange.xforce.ibmcloud.com/vulnerabilities/26532
https://github.com/pypa/advisory-database/tree/main/vulns/extractor/PYSEC-2006-4.yaml
https://nvd.nist.gov/vuln/detail/CVE-2006-2458
http://www.debian.org/security/2006/dsa-1081
http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml
http://www.novell.com/linux/security/advisories/2006-06-02.html
http://www.securityfocus.com/archive/1/434288/100/0/threaded
http://www.securityfocus.com/bid/18021
http://www.vupen.com/english/advisories/2006/1848
GHSA-f836-7jqw-3684 https://github.com/advisories/GHSA-f836-7jqw-3684
OSVDB-25664;CVE-2006-2458;OSVDB-25663 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/1801.txt
Data source Exploit-DB
Date added May 16, 2006
Description libextractor 0.5.13 - Multiple Heap Overflows (PoC)
Ransomware campaign use Known
Source publication date May 17, 2006
Exploit type dos
Platform multiple
Source update date July 29, 2016
Exploit Prediction Scoring System (EPSS)
Percentile 0.95083
EPSS Score 0.19115
Published At Aug. 12, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:04:31.150331+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/extractor/PYSEC-2006-4.yaml 37.0.0