In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.Referenceshttps://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gzhttps://lists.debian.org/debian-lts-announce/2017/12/msg00000.htmlhttp://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html
