Download
| Alert*
|
oval:org.secpod.oval:def:89043528
This update for exempi fixes the following security issues: - CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed remote attackers to cause a denial of service via crafted XMP data in a .avi file . - CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed remote a ... oval:org.secpod.oval:def:205303 Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be build with GNU automake. It includes XMPCore and XMPFiles. Security Fix: * exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp * exempi: Use after free via ... oval:org.secpod.oval:def:704101 exempi: library to parse XMP metadata Exempi could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:503278 Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be build with GNU automake. It includes XMPCore and XMPFiles. Security Fix: * exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp * exempi: Use after free via ... oval:org.secpod.oval:def:1504482 [2.2.0-9] - Fix CVE-2017-18233 resolves: #1574865 - Fix CVE-2017-18234 resolves: #1656011 - Fix CVE-2017-18236 resolves: #1574905 - Fix CVE-2017-18238 resolves: #1572270 - Fix CVE-2018-7730 resolves: #1572631 oval:org.secpod.oval:def:52048 exempi: library to parse XMP metadata Exempi could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:2000969 An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service via crafted XMP data in a .qt file. oval:org.secpod.oval:def:1700252 An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service via crafted XMP data in a .avi file.An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause ... |
