ALAS2-2019-1321 --- exempiID: oval:org.secpod.oval:def:1700252 | Date: (C)2019-10-28 (M)2023-12-20 |
Class: PATCH | Family: unix |
An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service via crafted XMP data in a .avi file.An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service via a crafted .asf file.An infinite loop has been discovered in Exempi in the way it handles Extensible Metadata Platform data in QuickTime files. An attacker could cause a denial of service via a crafted file.An integer wraparound, leading to a buffer overflow, was found in Exempi in the way it handles Adobe Photoshop Images. An attacker could exploit this to cause a denial of service via a crafted image file.