==========================================================================
Ubuntu Security Notice USN-4641-1
November 23, 2020

libextractor vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in libextractor.

Software Description:
- libextractor: library used to extract metadata from files

Details:

It was discovered that Libextractor incorrectly handled zero sample rate.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15266)

It was discovered that Libextractor incorrectly handled certain FLAC
metadata. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15267)

It was discovered that Libextractor incorrectly handled certain specially
crafted files. An attacker could possibly use this issue to cause a denial
of service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430)

It was discovered that Libextractor incorrectly handled certain inputs. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15601)

It was discovered that Libextractor incorrectly handled integers. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15602)

It was discovered that Libextractor incorrectly handled certain crafted
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15922)

It was discovered that Libextractor incorrectly handled certain files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-17440)

It was discovered that Libextractor incorrectly handled certain malformed
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2018-14346)

It was discovered that Libextractor incorrectly handled malformed files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14347)

It was discovered that Libextractor incorrectly handled metadata. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-20431)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  extract 1:1.3-4+deb9u3build0.16.04.1
  libextractor-dev 1:1.3-4+deb9u3build0.16.04.1
  libextractor3 1:1.3-4+deb9u3build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4641-1
  CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601,
  CVE-2017-15602, CVE-2017-15922, CVE-2017-17440, CVE-2018-14346,
  CVE-2018-14347, CVE-2018-16430, CVE-2018-20430, CVE-2018-20431

Package Information:
  https://launchpad.net/ubuntu/+source/libextractor/1:1.3-4+deb9u3build0.16.04.1
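
To confirm that a host has reached the package versions listed under "Update instructions", the following added example (not part of the original notice) compares installed versions against the fixed version using Debian's version ordering, reimplemented in Python so it runs without dpkg. The function names and the sample input are constructed for illustration.

```python
import re

# Fixed version for Ubuntu 16.04 LTS, copied from the notice's update instructions.
FIXED_VERSION = "1:1.3-4+deb9u3build0.16.04.1"
PACKAGES = ("extract", "libextractor-dev", "libextractor3")

def _sign(x, y):
    return (x > y) - (x < y)

def _order(c):
    # dpkg character order: '~' < end of string < letters < other symbols
    special = {"": 0, "~": -1}
    return special[c] if c in special else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    # Compare upstream or revision strings as alternating text and number runs.
    while a or b:
        ta, tb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(ta):], b[len(tb):]
        for i in range(max(len(ta), len(tb))):
            diff = _sign(_order(ta[i:i + 1]), _order(tb[i:i + 1]))
            if diff:
                return diff
        na, nb = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(na):], b[len(nb):]
        if int(na or 0) != int(nb or 0):
            return _sign(int(na or 0), int(nb or 0))
    return 0

def _split(version):
    # '[epoch:]upstream[-revision]'; a missing epoch counts as 0.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")

def compare(v1, v2):
    # Returns -1, 0 or 1, ordering versions the way `dpkg --compare-versions` does.
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return _sign(e1, e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def outdated(dpkg_output):
    # Input: lines of "<package> <version>"; returns notice packages older than the fix.
    rows = (line.split() for line in dpkg_output.splitlines())
    return [r[0] for r in rows
            if len(r) == 2 and r[0] in PACKAGES and compare(r[1], FIXED_VERSION) < 0]

# Constructed sample in the shape of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = "extract 1:1.3-4\nlibextractor3 1:1.3-4+deb9u3build0.16.04.1\nbash 4.3-14ubuntu1.4\n"
```

The epoch matters here: a version such as `1.4-1` has an implicit epoch of 0 and therefore sorts below the fixed `1:1.3-...` build, so comparing only the upstream part would wrongly report it as patched.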