CVE-2017-18236 – exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp
https://notcve.org/view.php?id=CVE-2017-18236
An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. Se ha descubierto un problema en versiones anteriores a la 2.4.4 de Exempi. La función ASF_Support::ReadHeaderObject en XMPFiles/source/FormatSupport/ASF_Support.cpp permite que atacantes remotos provoquen una denegación de servicio (bucle infinito) mediante un archivo .asf manipulado. • https://access.redhat.com/errata/RHSA-2019:2048 https://bugs.freedesktop.org/show_bug.cgi?id=102484 https://cgit.freedesktop.org/exempi/commit/?id=fe59605d3520bf2ca4e0a963d194f10e9fee5806 https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html https://usn.ubuntu.com/3668-1 https://access.redhat.com/security/cve/CVE-2017-18236 https://bugzilla.redhat.com/show_bug.cgi?id=1559596 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2017-18237
https://notcve.org/view.php?id=CVE-2017-18237
An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file. Se ha descubierto un problema en versiones anteriores a la 2.4.3 de Exempi. La función PostScript_Support::ConvertToDate en XMPFiles/source/FormatSupport/PostScript_Support.cpp permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero no válido y bloqueo de aplicación) mediante un archivo .ps manipulado. • https://bugs.freedesktop.org/show_bug.cgi?id=101914 https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048 • CWE-476: NULL Pointer Dereference •
CVE-2017-18234 – exempi: Use after free via a PDF file containing JPEG data
https://notcve.org/view.php?id=CVE-2017-18234
An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp. Se ha descubierto un problema en versiones anteriores a la 2.4.3 de Exempi. Permite que los atacantes remotos provoquen una denegación de servicio (memcpy no válido con uso de memoria previamente liberada) o, posiblemente, otro impacto no especificado mediante un archivo .pdf que contenga datos JPEG. Esto está relacionado con XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp y XMPFiles/source/FormatSupport/TIFF_Support.hpp. • https://access.redhat.com/errata/RHSA-2019:2048 https://bugs.freedesktop.org/show_bug.cgi?id=100397 https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html https://usn.ubuntu.com/3668-1 https://access.redhat.com/security/cve/CVE-2017-18234 https://bugzilla.redhat.com/show_bug.cgi?id=1559590 • CWE-416: Use After Free •
CVE-2018-7729
https://notcve.org/view.php?id=CVE-2018-7729
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. Se ha descubierto un problema en Exempi hasta su versión 2.4.4. Hay una sobrelectura de búfer basada en pila en la función PostScript_MetaHandler::ParsePSFile() en XMPFiles/source/FileHandlers/PostScript_Handler.cpp. • https://bugs.freedesktop.org/show_bug.cgi?id=105206 https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV https://usn.ubuntu.com/3668-1 • CWE-125: Out-of-bounds Read •
CVE-2018-7730 – exempi: Heap-based buffer overflow in PSD_MetaHandler::CacheFileData function in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp allows for denial of service via crafted XLS file
https://notcve.org/view.php?id=CVE-2018-7730
An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. Se ha descubierto un problema en Exempi hasta su versión 2.4.4. Cierto caso de longitud 0xffffffff se gestiona de manera incorrecta en XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, lo que conduce a una sobrelectura de búfer basada en memoria dinámica (heap) en la función PSD_MetaHandler::CacheFileData(). An integer wraparound, leading to a buffer overflow, was found in Exempi in the way it handles Adobe Photoshop Images. • https://access.redhat.com/errata/RHSA-2019:2048 https://bugs.freedesktop.org/show_bug.cgi?id=105204 https://cgit.freedesktop.org/exempi/commit/?id=6cbd34025e5fd3ba47b29b602096e456507ce83b https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV https://usn.ubuntu.com/3668-1 https://access.redhat.com/security/cve/CVE-2018-7730 https://bugzilla.redhat.com/show_bug.cgi?id& • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •