ArchLinux: 201807-16: libextractor: denial of service
Summary
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
Resolution
Upgrade to 1.7-1.
# pacman -Syu "libextractor>=1.7-1"
The problem has been fixed upstream in version 1.7.
References
https://www.gnunet.org/en/
https://security.archlinux.org/CVE-2017-17440
Workaround
None.