SUSE-SU-2018:3389-1 -- SLES exempi-debugsource, libexempi3ID: oval:org.secpod.oval:def:89043528 | Date: (C)2021-03-05 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for exempi fixes the following security issues: - CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed remote attackers to cause a denial of service via crafted XMP data in a .avi file . - CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed remote attackers to cause a denial of service via crafted XMP data in a .qt file . - CVE-2018-7728: Fixed heap-based buffer overflow, which allowed denial of service via crafted TIFF image . - CVE-2018-7730: Fixed heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp . - CVE-2017-18236: The ASF_Support::ReadHeaderObject function allowed remote attackers to cause a denial of service via a crafted .asf file . - CVE-2017-18234: Prevent use-after-free that allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a .pdf file containing JPEG data .
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
Product: |
exempi-debugsource |
libexempi3 |