ArchLinux: 201711-16: libextractor: denial of service
Summary
In GNU Libextractor before 1.6, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
Resolution
Upgrade to 1.6-1.
# pacman -Syu "libextractor>=1.6-1"
The problem has been fixed upstream in version 1.6.
References
https://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html
https://security.archlinux.org/CVE-2017-15922
Workaround
None.