Download
| Alert*
oval:org.secpod.oval:def:89043528
This update for exempi fixes the following security issues: - CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed remote attackers to cause a denial of service via crafted XMP data in a .avi file . - CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed remote a ... oval:org.secpod.oval:def:704101 exempi: library to parse XMP metadata Exempi could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:52048 exempi: library to parse XMP metadata Exempi could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:114239 Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be build with GNU automake. It includes XMPCore and XMPFiles. oval:org.secpod.oval:def:2000912 An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update function in third-party/zuid/interfaces/MD5.cpp. |