Download
| Alert*
oval:org.secpod.oval:def:89002113
This update for exempi fixes the following issues: Security issue fixed: - CVE-2018-7730: Fix heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp . - CVE-2017-18234: Fix use-after-free issue that allows remote attackers to cause a denial of service via a .pdf file . oval:org.secpod.oval:def:89043528 This update for exempi fixes the following security issues: - CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed remote attackers to cause a denial of service via crafted XMP data in a .avi file . - CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed remote a ... oval:org.secpod.oval:def:704101 exempi: library to parse XMP metadata Exempi could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:2001434 An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData function. oval:org.secpod.oval:def:114239 Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be build with GNU automake. It includes XMPCore and XMPFiles. oval:org.secpod.oval:def:205303 Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be build with GNU automake. It includes XMPCore and XMPFiles. Security Fix: * exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp * exempi: Use after free via ... oval:org.secpod.oval:def:503278 Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be build with GNU automake. It includes XMPCore and XMPFiles. Security Fix: * exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp * exempi: Use after free via ... oval:org.secpod.oval:def:1504482 [2.2.0-9] - Fix CVE-2017-18233 resolves: #1574865 - Fix CVE-2017-18234 resolves: #1656011 - Fix CVE-2017-18236 resolves: #1574905 - Fix CVE-2017-18238 resolves: #1572270 - Fix CVE-2018-7730 resolves: #1572631 oval:org.secpod.oval:def:52048 exempi: library to parse XMP metadata Exempi could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:1700252 An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service via crafted XMP data in a .avi file.An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause ... |