
CVE-2006-2458: Libextractor multiple heap-based buffer overflows

CVSS Score: 4

Basic Information

EPSS Score: 0.9504%
CWE: -
Published: 5/1/2022
Updated: 11/26/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
extractor | pip | = 0.5 |

Vulnerability Intelligence
Root Cause Analysis

All primary sources (CVE description, GitHub Advisory, Debian DSA-1081, Gentoo GLSA, and PyPA advisory) consistently identify these two functions with their exact file paths. The vulnerability manifests in media format parsing components where an attacker-controlled input size is not properly validated before heap memory operations.


WAF Protection Rules

WAF Rule

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT p
