CVE-2006-2458 - Vulnerability Details - OpenCVE

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libextractor	Libextractor

Configuration 1 [-]

cpe:2.3:a:libextractor:libextractor:0.5.13:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://gnunet.org/libextractor/
http://secunia.com/advisories/20150
http://secunia.com/advisories/20160
http://secunia.com/advisories/20326
http://secunia.com/advisories/20457
http://securityreason.com/securityalert/916
http://securitytracker.com/id?1016118
http://www.debian.org/security/2006/dsa-1081
http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml
http://www.novell.com/linux/security/advisories/2006-06-02.html
http://www.securityfocus.com/archive/1/434288/100/0/threaded
http://www.securityfocus.com/bid/18021
http://www.vupen.com/english/advisories/2006/1848
https://exchange.xforce.ibmcloud.com/vulnerabilities/26531
https://exchange.xforce.ibmcloud.com/vulnerabilities/26532

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-05-18T23:00:00

Updated: 2024-08-07T17:51:04.552Z

Reserved: 2006-05-18T00:00:00

Link: CVE-2006-2458

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-05-18T23:02:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-2458

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060517 Two heap overflow in libextractor 0.5.13 (rev 2832)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/434288/100/0/threaded"}, {"name": "1016118", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016118"}, {"name": "18021", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18021"}, {"name": "SUSE-SR:2006:012", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006-06-02.html"}, {"name": "916", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/916"}, {"name": "20160", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20160"}, {"name": "20326", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20326"}, {"name": "20150", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20150"}, {"name": "DSA-1081", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1081"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://gnunet.org/libextractor/"}, {"name": "libextractor-asfextractor-bo(26531)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26531"}, {"name": "GLSA-200605-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml"}, {"name": "libextractor-qtextractor-bo(26532)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26532"}, {"name": "20457", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20457"}, {"name": "ADV-2006-1848", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1848"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2458", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060517 Two heap overflow in libextractor 0.5.13 (rev 2832)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/434288/100/0/threaded"}, {"name": "1016118", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016118"}, {"name": "18021", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18021"}, {"name": "SUSE-SR:2006:012", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006-06-02.html"}, {"name": "916", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/916"}, {"name": "20160", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20160"}, {"name": "20326", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20326"}, {"name": "20150", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20150"}, {"name": "DSA-1081", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1081"}, {"name": "http://gnunet.org/libextractor/", "refsource": "CONFIRM", "url": "http://gnunet.org/libextractor/"}, {"name": "libextractor-asfextractor-bo(26531)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26531"}, {"name": "GLSA-200605-14", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml"}, {"name": "libextractor-qtextractor-bo(26532)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26532"}, {"name": "20457", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20457"}, {"name": "ADV-2006-1848", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1848"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:51:04.552Z"}, "title": "CVE Program Container", "references": [{"name": "20060517 Two heap overflow in libextractor 0.5.13 (rev 2832)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/434288/100/0/threaded"}, {"name": "1016118", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016118"}, {"name": "18021", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18021"}, {"name": "SUSE-SR:2006:012", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006-06-02.html"}, {"name": "916", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/916"}, {"name": "20160", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20160"}, {"name": "20326", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20326"}, {"name": "20150", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20150"}, {"name": "DSA-1081", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1081"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://gnunet.org/libextractor/"}, {"name": "libextractor-asfextractor-bo(26531)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26531"}, {"name": "GLSA-200605-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml"}, {"name": "libextractor-qtextractor-bo(26532)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26532"}, {"name": "20457", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20457"}, {"name": "ADV-2006-1848", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1848"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2458", "datePublished": "2006-05-18T23:00:00", "dateReserved": "2006-05-18T00:00:00", "dateUpdated": "2024-08-07T17:51:04.552Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libextractor:libextractor:0.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "69979B1F-1D91-4178-B692-0F1E907DC81A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c)."}], "id": "CVE-2006-2458", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-05-18T23:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://gnunet.org/libextractor/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20150"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20160"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20326"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20457"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/916"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016118"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1081"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006-06-02.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434288/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/18021"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1848"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26531"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26532"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://gnunet.org/libextractor/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20326"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20457"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006-06-02.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434288/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/18021"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26531"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26532"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}