CVE-2006-2458: Libextractor multiple heap-based buffer overflows
CVSS Score: 4
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.9504%
CWE: -
Published: 5/1/2022
Updated: 11/26/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
extractor | pip | = 0.5 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
All primary sources (CVE description, GitHub Advisory, Debian DSA-1081, Gentoo GLSA, and PyPA advisory) consistently identify these two functions with their exact file paths. The vulnerability manifests in media format parsing components where attacker-controlled input size isn't properly validated before heap memory operations.