Vulnerability Details CVE-2019-15531
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://bugs.gnunet.org/view.php?id=5846
- https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/
- https://bugs.gnunet.org/view.php?id=5846
- https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MUJWNWDGGXQLTNQNELKERJ7DLW7E22BK/
Products affected by CVE-2019-15531
-
cpe:2.3:a:gnu:libextractor:0.5.20c
-
cpe:2.3:a:gnu:libextractor:0.5.21
-
cpe:2.3:a:gnu:libextractor:0.5.22
-
cpe:2.3:a:gnu:libextractor:0.5.23
-
cpe:2.3:a:gnu:libextractor:0.5.9
-
cpe:2.3:a:gnu:libextractor:0.6.0
-
cpe:2.3:a:gnu:libextractor:0.6.1
-
cpe:2.3:a:gnu:libextractor:0.6.2
-
cpe:2.3:a:gnu:libextractor:0.6.3
-
cpe:2.3:a:gnu:libextractor:1.0.0
-
cpe:2.3:a:gnu:libextractor:1.0.1
-
cpe:2.3:a:gnu:libextractor:1.1
-
cpe:2.3:a:gnu:libextractor:1.2
-
cpe:2.3:a:gnu:libextractor:1.3
-
cpe:2.3:a:gnu:libextractor:1.4
-
cpe:2.3:a:gnu:libextractor:1.5
-
cpe:2.3:a:gnu:libextractor:1.6
-
cpe:2.3:a:gnu:libextractor:1.7
-
cpe:2.3:a:gnu:libextractor:1.8
-
cpe:2.3:a:gnu:libextractor:1.9
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:29
-
cpe:2.3:o:fedoraproject:fedora:30
-
cpe:2.3:o:fedoraproject:fedora:31