There is a new pull request by ndowens against master on the void-packages repository

https://github.com/ndowens/void-packages libextractor
https://github.com/void-linux/void-packages/pull/26493

libextractor: update to 1.10
Update for CVE-2019-15531

Oddly SONAME went down, changed to what xbps reported it to be

A patch file from https://github.com/void-linux/void-packages/pull/26493.patch is attached