CVE-2017-18238 – exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp
https://notcve.org/view.php?id=CVE-2017-18238
An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file. Se ha descubierto un problema en versiones anteriores a la 2.4.4 de Exempi. La función TradQT_Manager::ParseCachedBoxes en XMPFiles/source/FormatSupport/QuickTime_Support.cpp permite que los atacantes remotos provoquen una denegación de servicio (bucle infinito) mediante datos XMP manipulados en un archivo .qt. An infinite loop has been discovered in Exempi in the way it handles Extensible Metadata Platform (XMP) data in QuickTime files. • https://access.redhat.com/errata/RHSA-2019:2048 https://bugs.freedesktop.org/show_bug.cgi?id=102483 https://cgit.freedesktop.org/exempi/commit/?id=886cd1d2314755adb1f4cdb99c16ff00830f0331 https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html https://usn.ubuntu.com/3668-1 https://access.redhat.com/security/cve/CVE-2017-18238 https://bugzilla.redhat.com/show_bug.cgi?id=1558715 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2017-18236 – exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp
https://notcve.org/view.php?id=CVE-2017-18236
An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. Se ha descubierto un problema en versiones anteriores a la 2.4.4 de Exempi. La función ASF_Support::ReadHeaderObject en XMPFiles/source/FormatSupport/ASF_Support.cpp permite que atacantes remotos provoquen una denegación de servicio (bucle infinito) mediante un archivo .asf manipulado. • https://access.redhat.com/errata/RHSA-2019:2048 https://bugs.freedesktop.org/show_bug.cgi?id=102484 https://cgit.freedesktop.org/exempi/commit/?id=fe59605d3520bf2ca4e0a963d194f10e9fee5806 https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html https://usn.ubuntu.com/3668-1 https://access.redhat.com/security/cve/CVE-2017-18236 https://bugzilla.redhat.com/show_bug.cgi?id=1559596 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2017-18237
https://notcve.org/view.php?id=CVE-2017-18237
An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file. Se ha descubierto un problema en versiones anteriores a la 2.4.3 de Exempi. La función PostScript_Support::ConvertToDate en XMPFiles/source/FormatSupport/PostScript_Support.cpp permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero no válido y bloqueo de aplicación) mediante un archivo .ps manipulado. • https://bugs.freedesktop.org/show_bug.cgi?id=101914 https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048 • CWE-476: NULL Pointer Dereference •
CVE-2017-18234 – exempi: Use after free via a PDF file containing JPEG data
https://notcve.org/view.php?id=CVE-2017-18234
An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp. Se ha descubierto un problema en versiones anteriores a la 2.4.3 de Exempi. Permite que los atacantes remotos provoquen una denegación de servicio (memcpy no válido con uso de memoria previamente liberada) o, posiblemente, otro impacto no especificado mediante un archivo .pdf que contenga datos JPEG. Esto está relacionado con XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp y XMPFiles/source/FormatSupport/TIFF_Support.hpp. • https://access.redhat.com/errata/RHSA-2019:2048 https://bugs.freedesktop.org/show_bug.cgi?id=100397 https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html https://usn.ubuntu.com/3668-1 https://access.redhat.com/security/cve/CVE-2017-18234 https://bugzilla.redhat.com/show_bug.cgi?id=1559590 • CWE-416: Use After Free •
CVE-2018-7729
https://notcve.org/view.php?id=CVE-2018-7729
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. Se ha descubierto un problema en Exempi hasta su versión 2.4.4. Hay una sobrelectura de búfer basada en pila en la función PostScript_MetaHandler::ParsePSFile() en XMPFiles/source/FileHandlers/PostScript_Handler.cpp. • https://bugs.freedesktop.org/show_bug.cgi?id=105206 https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV https://usn.ubuntu.com/3668-1 • CWE-125: Out-of-bounds Read •