Search for vulnerabilities
Vulnerability details: VCID-uxcp-g9a8-aaac
Vulnerability ID VCID-uxcp-g9a8-aaac
Aliases CVE-2018-20430
Summary GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-125 Out-of-bounds Read
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20430.html
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00604 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
epss 0.00889 https://api.first.org/data/v1/epss?cve=CVE-2018-20430
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20430
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20431
generic_textual Medium https://gnunet.org/bugs/view.php?id=5493
generic_textual Medium https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110
generic_textual Medium https://gnunet.org/git/libextractor.git/tree/ChangeLog
generic_textual Medium https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-20430
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-20430
generic_textual Medium https://ubuntu.com/security/notices/USN-4641-1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20430.html
https://api.first.org/data/v1/epss?cve=CVE-2018-20430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20431
https://gnunet.org/bugs/view.php?id=5493
https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110
https://gnunet.org/git/libextractor.git/tree/ChangeLog
https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html
https://ubuntu.com/security/notices/USN-4641-1
https://www.debian.org/security/2018/dsa-4361
http://www.securityfocus.com/bid/106300
917214 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917214
cpe:2.3:a:gnu:libextractor:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libextractor:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2018-20430 https://nvd.nist.gov/vuln/detail/CVE-2018-20430
USN-4641-1 https://usn.ubuntu.com/4641-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-20430
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-20430
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.49548
EPSS Score 0.00136
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.