
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 8 articles for you...

Debian: Exempi Moderate Buffer Overflow & Out-of-bounds Access DLA-4264-1

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4264-1
https://www.debian.org/lts/security/
Adrian Bunk
August 04, 2025
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : exempi
Version : 2.5.2-1+deb11u1
CVE ID : CVE-2021-36045 CVE-2021-36046 CVE-2021-36047 CVE-2021-36048
         CVE-2021-36050 CVE-2021-36051 CVE-2021-36052 CVE-2021-36053
         CVE-2021-36054 CVE-2021-36055 CVE-2021-36056 CVE-2021-36057
         CVE-2021-36058 CVE-2021-36064 CVE-2021-39847 CVE-2021-40716
         CVE-2021-40732 CVE-2021-42528 CVE-2021-42529 CVE-2021-42530
         CVE-2021-42531 CVE-2021-42532

Multiple vulnerabilities have been fixed in Exempi, an implementation of XMP (Extensible Metadata Platform).

CVE-2021-36045 Out-of-bounds Access
CVE-2021-36046 Out-of-bounds Access
CVE-2021-36047 Improper Input Validation
CVE-2021-36048 Improper Input Validation
CVE-2021-36050 Heap-based Buffer Overflow
CVE-2021-36051 Heap-based Buffer Overflow
CVE-2021-36052 Out-of-bounds Access
CVE-2021-36053 Out-of-bounds Access
CVE-2021-36054 Heap-based Buffer Overflow
CVE-2021-36055 Heap-based Buffer Overflow
CVE-2021-36056 Heap-based Buffer Overflow
CVE-2021-36057 Write-what-where Condition
CVE-2021-36058 Integer Overflow or Wraparound
CVE-2021-36064 Buffer Underwrite
CVE-2021-39847 Stack-based Buffer Overflow
CVE-2021-40716 Out-of-bounds Access
CVE-2021-40732 NULL Pointer Dereference
CVE-2021-42528 NULL Pointer Dereference
CVE-2021-42529 Stack-based Buffer Overflow
CVE-2021-42530 Stack-based Buffer Overflow
CVE-2021-42531 Stack-based Buffer Overflow
CVE-2021-42532 Stack-based Buffer Overflow

For Debian 11 bullseye, these problems have been fixed in version 2.5.2-1+deb11u1.

We recommend that you upgrade your exempi packages.

For the detailed security status of exempi please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/exempi

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Several security issues addressed in Exempi, Debian LTS DLA-4264-2. Update advised to reduce potential threats.

Exempi security update, Debian LTS DLA-4264-1, Out-of-bounds Access, Buffer Overflow, Improper Input Validation.

Severity: Important. LinuxSecurity.com Team

Aug 04, 2025 Important Debian LTS

openSUSE: 2023:3833-1 Moderate: Exempi Buffer Overflow Issue

# Security update for exempi

Announcement ID: SUSE-SU-2023:3833-1
Rating: moderate

References:

* #1214486

Cross-References:

* CVE-2020-18651

CVSS scores:

* CVE-2020-18651 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-18651 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for exempi fixes the following issues:

* CVE-2020-18651: Fixed a buffer overflow in ID3 support (bsc#1214486).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3833=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3833=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3833=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3833=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libexempi-devel-2.4.5-150000.3.9.1
  * libexempi3-debuginfo-2.4.5-150000.3.9.1
  * exempi-tools-debuginfo-2.4.5-150000.3.9.1
  * exempi-debugsource-2.4.5-150000.3.9.1
  * exempi-tools-2.4.5-150000.3.9.1
  * libexempi3-2.4.5-150000.3.9.1
* openSUSE Leap 15.4 (x86_64)
  * libexempi3-32bit-2.4.5-150000.3.9.1
  * libexempi3-32bit-debuginfo-2.4.5-150000.3.9.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libexempi-devel-2.4.5-150000.3.9.1
  * libexempi3-debuginfo-2.4.5-150000.3.9.1
  * exempi-tools-debuginfo-2.4.5-150000.3.9.1
  * exempi-debugsource-2.4.5-150000.3.9.1
  * exempi-tools-2.4.5-150000.3.9.1
  * libexempi3-2.4.5-150000.3.9.1
* openSUSE Leap 15.5 (x86_64)
  * libexempi3-32bit-2.4.5-150000.3.9.1
  * libexempi3-32bit-debuginfo-2.4.5-150000.3.9.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libexempi-devel-2.4.5-150000.3.9.1
  * exempi-debugsource-2.4.5-150000.3.9.1
  * libexempi3-2.4.5-150000.3.9.1
  * libexempi3-debuginfo-2.4.5-150000.3.9.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libexempi-devel-2.4.5-150000.3.9.1
  * exempi-debugsource-2.4.5-150000.3.9.1
  * libexempi3-2.4.5-150000.3.9.1
  * libexempi3-debuginfo-2.4.5-150000.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2020-18651.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214486

Patch for exempi resolves buffer overflow vulnerabilities in ID3 handling, improving security measures for openSUSE clients.

openSUSE Security, Exempi Update, Buffer Overflow Protection, Software Patch.

LinuxSecurity.com Team

Sep 27, 2023 OpenSUSE

Debian 10 Buster: DLA-3585-1 Moderate: Exempi Buffer Overflow Advisory

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3585-1
https://www.debian.org/lts/security/
Bastien Roucariès
September 25, 2023
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : exempi
Version : 2.5.0-2+deb10u1
CVE ID : CVE-2020-18651 CVE-2020-18652 CVE-2021-36045 CVE-2021-36046
         CVE-2021-36047 CVE-2021-36048 CVE-2021-36050 CVE-2021-36051
         CVE-2021-36052 CVE-2021-36053 CVE-2021-36054 CVE-2021-36055
         CVE-2021-36056 CVE-2021-36057 CVE-2021-36058 CVE-2021-36064
         CVE-2021-39847 CVE-2021-40716 CVE-2021-40732 CVE-2021-42528
         CVE-2021-42529 CVE-2021-42530 CVE-2021-42531 CVE-2021-42532

Multiple vulnerabilities were found in exempi, an implementation of XMP (Extensible Metadata Platform).

CVE-2020-18651
    A Buffer Overflow vulnerability was found in function ID3_Support::ID3v2Frame::getFrameValue allows remote attackers to cause a denial of service.

CVE-2020-18652
    A Buffer Overflow vulnerability was found in WEBP_Support.cpp allows remote attackers to cause a denial of service.

CVE-2021-36045
    An out-of-bounds read vulnerability was found that could lead to disclosure of arbitrary memory.

CVE-2021-36046
    A memory corruption vulnerability was found, potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-36047
    An Improper Input Validation vulnerability was found, potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-36048
    An Improper Input Validation was found, potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-36050
    A buffer overflow vulnerability was found, potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-36051
    A buffer overflow vulnerability was found, potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-36052
    A memory corruption vulnerability was found, potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-36053
    An out-of-bounds read vulnerability was found, that could lead to disclosure of arbitrary memory.

CVE-2021-36054
    A buffer overflow vulnerability was found potentially resulting in local application denial of service.

CVE-2021-36055
    A use-after-free vulnerability was found that could result in arbitrary code execution.

CVE-2021-36056
    A buffer overflow vulnerability was found, potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-36057
    A write-what-where condition vulnerability was found, caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.

CVE-2021-36058
    An Integer Overflow vulnerability was found, potentially resulting in application-level denial of service in the context of the current user.

CVE-2021-36064
    A Buffer Underflow vulnerability was found which could result in arbitrary code execution in the context of the current user.

CVE-2021-39847
    A stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-40716
    An out-of-bounds read vulnerability was found that could lead to disclosure of sensitive memory.

CVE-2021-40732
    A null pointer dereference vulnerability was found, that could result in leaking data from certain memory locations and causing a local denial of service.

CVE-2021-42528
    A Null pointer dereference vulnerability was found when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user.

CVE-2021-42529
    A stack-based buffer overflow vulnerability was found potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-42530
    A stack-based buffer overflow vulnerability was found potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-42531
    A stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-42532
    A stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user.

For Debian 10 buster, these problems have been fixed in version 2.5.0-2+deb10u1.

We recommend that you upgrade your exempi packages.

For the detailed security status of exempi please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/exempi

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Upgrade the Exempi package on your Debian LTS installation to enhance security as per DLA-3585-1. This update addresses vulnerabilities threatening system integrity.

Debian LTS, Exempi Update, Buffer Issues, Security Patch.

LinuxSecurity.com Team

Sep 25, 2023 Debian LTS

openSUSE 15.x: 2023:3518-1 Moderate: Exempi Buffer Overflow

# Security update for exempi

Announcement ID: SUSE-SU-2023:3518-1
Rating: moderate

References:

* #1214488

Cross-References:

* CVE-2020-18652

CVSS scores:

* CVE-2020-18652 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-18652 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for exempi fixes the following issues:

* CVE-2020-18652: Fixed buffer overflow vulnerability in WEBP_Support.cpp (bsc#1214488).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3518=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3518=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3518=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3518=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libexempi3-debuginfo-2.4.5-150000.3.6.1
  * exempi-tools-2.4.5-150000.3.6.1
  * exempi-tools-debuginfo-2.4.5-150000.3.6.1
  * libexempi-devel-2.4.5-150000.3.6.1
  * exempi-debugsource-2.4.5-150000.3.6.1
  * libexempi3-2.4.5-150000.3.6.1
* openSUSE Leap 15.4 (x86_64)
  * libexempi3-32bit-2.4.5-150000.3.6.1
  * libexempi3-32bit-debuginfo-2.4.5-150000.3.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libexempi3-debuginfo-2.4.5-150000.3.6.1
  * exempi-tools-2.4.5-150000.3.6.1
  * exempi-tools-debuginfo-2.4.5-150000.3.6.1
  * libexempi-devel-2.4.5-150000.3.6.1
  * exempi-debugsource-2.4.5-150000.3.6.1
  * libexempi3-2.4.5-150000.3.6.1
* openSUSE Leap 15.5 (x86_64)
  * libexempi3-32bit-2.4.5-150000.3.6.1
  * libexempi3-32bit-debuginfo-2.4.5-150000.3.6.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libexempi3-2.4.5-150000.3.6.1
  * libexempi3-debuginfo-2.4.5-150000.3.6.1
  * libexempi-devel-2.4.5-150000.3.6.1
  * exempi-debugsource-2.4.5-150000.3.6.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libexempi3-2.4.5-150000.3.6.1
  * libexempi3-debuginfo-2.4.5-150000.3.6.1
  * libexempi-devel-2.4.5-150000.3.6.1
  * exempi-debugsource-2.4.5-150000.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2020-18652.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214488

Critical patch released for exempi mitigating potential memory corruption vulnerabilities. Apply now to ensure your infrastructure remains protected.

exempi Update, Security Advisory, Buffer Overflow Fix, openSUSE Security, Patch Instructions.

LinuxSecurity.com Team

Sep 05, 2023 OpenSUSE

Mageia 8 MGASA-2022-0236 Critical: Exempi Memory Corruption Issue

MGASA-2022-0236 - Updated exempi packages fix security vulnerability

Publication date: 18 Jun 2022
URL: https://advisories.mageia.org/MGASA-2022-0236.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-36045, CVE-2021-36046, CVE-2021-36047, CVE-2021-36048, CVE-2021-36050, CVE-2021-36051, CVE-2021-36052, CVE-2021-36053, CVE-2021-36054, CVE-2021-36055, CVE-2021-36056, CVE-2021-36058, CVE-2021-36064, CVE-2021-39847, CVE-2021-40716, CVE-2021-40732, CVE-2021-42528, CVE-2021-42529, CVE-2021-42530, CVE-2021-42531, CVE-2021-42532

XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-36045)

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVE-2021-36046)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-36047)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-36048)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-36050)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file. (CVE-2021-36051)

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVE-2021-36052)

XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-36053)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-36054)

XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-36055)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-36056)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-36058)

XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-36064)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-39847)

XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-40716)

XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file. (CVE-2021-40732)

XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-42528)

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-42529)

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-42530)

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-42531)

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-42532)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30557
- https://ubuntu.com/security/notices/USN-5483-1
- https://www.cve.org/CVERecord?id=CVE-2021-36045
- https://www.cve.org/CVERecord?id=CVE-2021-36046
- https://www.cve.org/CVERecord?id=CVE-2021-36047
- https://www.cve.org/CVERecord?id=CVE-2021-36048
- https://www.cve.org/CVERecord?id=CVE-2021-36050
- https://www.cve.org/CVERecord?id=CVE-2021-36051
- https://www.cve.org/CVERecord?id=CVE-2021-36052
- https://www.cve.org/CVERecord?id=CVE-2021-36053
- https://www.cve.org/CVERecord?id=CVE-2021-36054
- https://www.cve.org/CVERecord?id=CVE-2021-36055
- https://www.cve.org/CVERecord?id=CVE-2021-36056
- https://www.cve.org/CVERecord?id=CVE-2021-36058
- https://www.cve.org/CVERecord?id=CVE-2021-36064
- https://www.cve.org/CVERecord?id=CVE-2021-39847
- https://www.cve.org/CVERecord?id=CVE-2021-40716
- https://www.cve.org/CVERecord?id=CVE-2021-40732
- https://www.cve.org/CVERecord?id=CVE-2021-42528
- https://www.cve.org/CVERecord?id=CVE-2021-42529
- https://www.cve.org/CVERecord?id=CVE-2021-42530
- https://www.cve.org/CVERecord?id=CVE-2021-42531
- https://www.cve.org/CVERecord?id=CVE-2021-42532

SRPMS:
- 8/core/exempi-2.5.1-2.1.mga8

Mageia has released updates for exempi packages to tackle serious out-of-bounds read vulnerabilities along with various other security concerns. Learn how this affects your system's security.

Exempi Security Update, Mageia 8, Memory Corruption Issues.

Severity: Critical. LinuxSecurity.com Team

Jun 18, 2022 Critical Mageia

Ubuntu 22.04 LTS USN-5483-1 Critical: Exempi Remote Code Execution

=========================================================================
Ubuntu Security Notice USN-5483-1
June 16, 2022

exempi vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Exempi.

Software Description:
- exempi: library to parse XMP metadata

Details:

It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  exempi 2.5.2-1ubuntu0.22.04.1
  libexempi8 2.5.2-1ubuntu0.22.04.1

Ubuntu 21.10:
  exempi 2.5.2-1ubuntu0.21.10.1
  libexempi8 2.5.2-1ubuntu0.21.10.1

Ubuntu 20.04 LTS:
  exempi 2.5.1-1ubuntu0.1
  libexempi8 2.5.1-1ubuntu0.1

Ubuntu 18.04 LTS:
  exempi 2.4.5-2ubuntu0.1
  libexempi3 2.4.5-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5483-1
  CVE-2018-12648, CVE-2021-36045, CVE-2021-36046, CVE-2021-36047, CVE-2021-36048, CVE-2021-36050, CVE-2021-36051, CVE-2021-36052, CVE-2021-36053, CVE-2021-36054, CVE-2021-36055, CVE-2021-36056, CVE-2021-36058, CVE-2021-36064, CVE-2021-39847, CVE-2021-40716, CVE-2021-40732, CVE-2021-42528, CVE-2021-42529, CVE-2021-42530, CVE-2021-42531, CVE-2021-42532

Package Information:
  https://launchpad.net/ubuntu/+source/exempi/2.5.2-1ubuntu0.22.04.1
  https://launchpad.net/ubuntu/+source/exempi/2.5.2-1ubuntu0.21.10.1
  https://launchpad.net/ubuntu/+source/exempi/2.5.1-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/exempi/2.4.5-2ubuntu0.1

New patches released for Exempi to address significant vulnerabilities impacting various Ubuntu distributions on June 16, 2022.

Exempi Issues, Ubuntu Updates, Security Notice 5483-1, Denial of Service, Remote Code Execution.

Severity: Critical. LinuxSecurity.com Team

Jun 16, 2022 Critical Ubuntu

Scientific Linux 7: SLSA-2019:2048-1 Low: Exempi Buffer Overflow

Synopsis: Low: exempi security update
Advisory ID: SLSA-2019:2048-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-7730 CVE-2017-18233 CVE-2017-18238 CVE-2017-18236 CVE-2017-18234
--

Security Fix(es):

* exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp (CVE-2017-18233)
* exempi: Use after free via a PDF file containing JPEG data (CVE-2017-18234)
* exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp (CVE-2017-18236)
* exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp (CVE-2017-18238)
* exempi: Heap-based buffer overflow in PSD_MetaHandler::CacheFileData function in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp allows for denial of service via crafted XLS file (CVE-2018-7730)
--

SL7 x86_64
  exempi-2.2.0-9.el7.i686.rpm
  exempi-2.2.0-9.el7.x86_64.rpm
  exempi-devel-2.2.0-9.el7.i686.rpm
  exempi-devel-2.2.0-9.el7.x86_64.rpm
  exempi-debuginfo-2.2.0-9.el7.i686.rpm
  exempi-debuginfo-2.2.0-9.el7.x86_64.rpm

- Scientific Linux Development Team

Minor severity security bulletin regarding exempi weaknesses impacting Scientific Linux 7.x, with essential corrections specified.

exempi Vulnerabilities, Scientific Linux Advisory, Buffer Overflow Exploit.

Severity: Low. LinuxSecurity.com Team

Aug 26, 2019 Low Scientific Linux

Red Hat: RHSA-2019-2048 Low Severity: Exempi Denial of Service

====================================================================
Red Hat Security Advisory

Synopsis: Low: exempi security update
Advisory ID: RHSA-2019:2048-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2048
Issue date: 2019-08-06
CVE Names: CVE-2017-18233 CVE-2017-18234 CVE-2017-18236 CVE-2017-18238 CVE-2018-7730
====================================================================

1. Summary:

An update for exempi is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be built with GNU automake. It includes XMPCore and XMPFiles.

Security Fix(es):

* exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp (CVE-2017-18233)
* exempi: Use after free via a PDF file containing JPEG data (CVE-2017-18234)
* exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp (CVE-2017-18236)
* exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp (CVE-2017-18238)
* exempi: Heap-based buffer overflow in PSD_MetaHandler::CacheFileData function in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp allows for denial of service via crafted XLS file (CVE-2018-7730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1555163 - CVE-2018-7730 exempi: Heap-based buffer overflow in PSD_MetaHandler::CacheFileData function in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp allows for denial of service via crafted XLS file
1558715 - CVE-2017-18238 exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp
1559575 - CVE-2017-18233 exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp
1559590 - CVE-2017-18234 exempi: Use after free via a PDF file containing JPEG data
1559596 - CVE-2017-18236 exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
exempi-2.2.0-9.el7.src.rpm

x86_64:
exempi-2.2.0-9.el7.i686.rpm
exempi-2.2.0-9.el7.x86_64.rpm
exempi-debuginfo-2.2.0-9.el7.i686.rpm
exempi-debuginfo-2.2.0-9.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
exempi-debuginfo-2.2.0-9.el7.i686.rpm
exempi-debuginfo-2.2.0-9.el7.x86_64.rpm
exempi-devel-2.2.0-9.el7.i686.rpm
exempi-devel-2.2.0-9.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
exempi-2.2.0-9.el7.src.rpm

x86_64:
exempi-2.2.0-9.el7.i686.rpm
exempi-2.2.0-9.el7.x86_64.rpm
exempi-debuginfo-2.2.0-9.el7.i686.rpm
exempi-debuginfo-2.2.0-9.el7.x86_64.rpm
exempi-devel-2.2.0-9.el7.i686.rpm
exempi-devel-2.2.0-9.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
exempi-2.2.0-9.el7.src.rpm

ppc64:
exempi-2.2.0-9.el7.ppc.rpm
exempi-2.2.0-9.el7.ppc64.rpm
exempi-debuginfo-2.2.0-9.el7.ppc.rpm
exempi-debuginfo-2.2.0-9.el7.ppc64.rpm

ppc64le:
exempi-2.2.0-9.el7.ppc64le.rpm
exempi-debuginfo-2.2.0-9.el7.ppc64le.rpm

s390x:
exempi-2.2.0-9.el7.s390.rpm
exempi-2.2.0-9.el7.s390x.rpm
exempi-debuginfo-2.2.0-9.el7.s390.rpm
exempi-debuginfo-2.2.0-9.el7.s390x.rpm

x86_64:
exempi-2.2.0-9.el7.i686.rpm
exempi-2.2.0-9.el7.x86_64.rpm
exempi-debuginfo-2.2.0-9.el7.i686.rpm
exempi-debuginfo-2.2.0-9.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
exempi-debuginfo-2.2.0-9.el7.ppc.rpm
exempi-debuginfo-2.2.0-9.el7.ppc64.rpm
exempi-devel-2.2.0-9.el7.ppc.rpm
exempi-devel-2.2.0-9.el7.ppc64.rpm

ppc64le:
exempi-debuginfo-2.2.0-9.el7.ppc64le.rpm
exempi-devel-2.2.0-9.el7.ppc64le.rpm

s390x:
exempi-debuginfo-2.2.0-9.el7.s390.rpm
exempi-debuginfo-2.2.0-9.el7.s390x.rpm
exempi-devel-2.2.0-9.el7.s390.rpm
exempi-devel-2.2.0-9.el7.s390x.rpm

x86_64:
exempi-debuginfo-2.2.0-9.el7.i686.rpm
exempi-debuginfo-2.2.0-9.el7.x86_64.rpm
exempi-devel-2.2.0-9.el7.i686.rpm
exempi-devel-2.2.0-9.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
exempi-2.2.0-9.el7.src.rpm

x86_64:
exempi-2.2.0-9.el7.i686.rpm
exempi-2.2.0-9.el7.x86_64.rpm
exempi-debuginfo-2.2.0-9.el7.i686.rpm
exempi-debuginfo-2.2.0-9.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
exempi-debuginfo-2.2.0-9.el7.i686.rpm
exempi-debuginfo-2.2.0-9.el7.x86_64.rpm
exempi-devel-2.2.0-9.el7.i686.rpm
exempi-devel-2.2.0-9.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-18233
https://access.redhat.com/security/cve/CVE-2017-18234
https://access.redhat.com/security/cve/CVE-2017-18236
https://access.redhat.com/security/cve/CVE-2017-18238
https://access.redhat.com/security/cve/CVE-2018-7730
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.7_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

Aug 06, 2019 | Low | Red Hat