Search for vulnerabilities
Vulnerability details: VCID-qjga-kr3t-aaaf
Vulnerability ID VCID-qjga-kr3t-aaaf
Aliases CVE-2006-2458
GHSA-f836-7jqw-3684
PYSEC-2006-4
Summary Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://gnunet.org/libextractor
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.18715 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.19115 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.24132 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.24132 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.24132 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.24132 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.24132 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.24132 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.24132 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.24132 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.24132 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.24132 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.24132 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.24132 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.32128 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.41740 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.41740 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.41740 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
epss 0.41740 https://api.first.org/data/v1/epss?cve=CVE-2006-2458
generic_textual MODERATE http://securityreason.com/securityalert/916
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/26531
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/26532
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-f836-7jqw-3684
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/extractor/PYSEC-2006-4.yaml
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2006-2458
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2006-2458
generic_textual MODERATE http://www.debian.org/security/2006/dsa-1081
generic_textual MODERATE http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml
Reference id Reference type URL
http://gnunet.org/libextractor
http://gnunet.org/libextractor/
https://api.first.org/data/v1/epss?cve=CVE-2006-2458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2458
http://secunia.com/advisories/20150
http://secunia.com/advisories/20160
http://secunia.com/advisories/20326
http://secunia.com/advisories/20457
http://securityreason.com/securityalert/916
http://securitytracker.com/id?1016118
https://exchange.xforce.ibmcloud.com/vulnerabilities/26531
https://exchange.xforce.ibmcloud.com/vulnerabilities/26532
https://github.com/pypa/advisory-database/tree/main/vulns/extractor/PYSEC-2006-4.yaml
http://www.debian.org/security/2006/dsa-1081
http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml
http://www.novell.com/linux/security/advisories/2006-06-02.html
http://www.securityfocus.com/archive/1/434288/100/0/threaded
http://www.securityfocus.com/bid/18021
http://www.vupen.com/english/advisories/2006/1848
cpe:2.3:a:libextractor:libextractor:0.5.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libextractor:libextractor:0.5.13:*:*:*:*:*:*:*
CVE-2006-2458 https://nvd.nist.gov/vuln/detail/CVE-2006-2458
GHSA-f836-7jqw-3684 https://github.com/advisories/GHSA-f836-7jqw-3684
GLSA-200605-14 https://security.gentoo.org/glsa/200605-14
OSVDB-25664;CVE-2006-2458;OSVDB-25663 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/1801.txt
Data source Exploit-DB
Date added May 16, 2006
Description libextractor 0.5.13 - Multiple Heap Overflows (PoC)
Ransomware campaign use Known
Source publication date May 17, 2006
Exploit type dos
Platform multiple
Source update date July 29, 2016
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2006-2458
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.94783
EPSS Score 0.18715
Published At April 5, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.