Libextractor.Asfextractor.Heap.Buffer.Overflow
Description
This indicates a possible attempt to exploit a buffer overflow vulnerability in 'libextractor'.
The buffer overflow exists in 'src/plugins/qtextractor.c' in the 'qt_error' parse_trak_atom() function, used in the processing of QT/MOV files. A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Affected Products
0.5.13 (rev 2832) and prior versions.
Impact
System compromise: remote code execution.
Recommended Actions
The vendor has issued a fixed version. Revision 2827 corrects the ASF vulnerability and revision 2833 corrects the QT vulnerability.
Coverage
IPS (Regular DB)
IPS (Extended DB)