Vulnerability details: VCID-jv2c-1g6v-6kec
Vulnerability ID VCID-jv2c-1g6v-6kec
Aliases CVE-2006-2458
GHSA-f836-7jqw-3684
PYSEC-2006-4
Summary Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
Data source Exploit-DB
Date added May 16, 2006
Description libextractor 0.5.13 - Multiple Heap Overflows (PoC)
Ransomware campaign use Known
Source publication date May 17, 2006
Exploit type dos
Platform multiple
Source update date July 29, 2016
Exploit Prediction Scoring System (EPSS)
Percentile 0.96832
EPSS Score 0.30953
Published At June 4, 2026, 12:55 p.m.
Date 2026-06-02T04:03:06.205184+00:00
Actor Pypa Importer
Action Import
Source https://github.com/pypa/advisory-database/blob/main/vulns/extractor/PYSEC-2006-4.yaml
VulnerableCode Version 38.6.0