
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

A buffer overflow vulnerability in the function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of a crafted audio file with an ID3V2 frame. A buffer overflow flaw was found in the exempi package. This issue occurs in the ID3_Support::ID3v2Frame::getFrameValue function and allows remote attackers to cause a denial of service via opening a crafted audio file with the ID3V2 frame.

• https://gitlab.freedesktop.org/libopenraw/exempi/commit/fdd4765a699f9700850098b43b9798b933acb32f
• https://gitlab.freedesktop.org/libopenraw/exempi/issues/13
• https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html
• https://access.redhat.com/security/cve/CVE-2020-18651
• https://bugzilla.redhat.com/show_bug.cgi?id=2235669

• CWE-787: Out-of-bounds Write

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

A buffer overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of a crafted webp file. A buffer overflow flaw was found in the exempi package. This issue occurs in WEBP_Support.cpp and may allow remote attackers to cause a denial of service via opening a crafted webp file.

• https://gitlab.freedesktop.org/libopenraw/exempi/commit/acee2894ceb91616543927c2a6e45050c60f98f7
• https://gitlab.freedesktop.org/libopenraw/exempi/issues/12
• https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html
• https://access.redhat.com/security/cve/CVE-2020-18652
• https://bugzilla.redhat.com/show_bug.cgi?id=2235673

• CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file.

• https://bugs.freedesktop.org/show_bug.cgi?id=101913
• https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4

• CWE-20: Improper Input Validation

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 1

An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.

• https://access.redhat.com/errata/RHSA-2019:2048
• https://bugs.freedesktop.org/show_bug.cgi?id=102151
• https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260
• https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html
• https://usn.ubuntu.com/3668-1
• https://access.redhat.com/security/cve/CVE-2017-18233
• https://bugzilla.redhat.com/show_bug.cgi?id=1559575

• CWE-190: Integer Overflow or Wraparound
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file. An infinite loop has been discovered in Exempi in the way it handles Extensible Metadata Platform (XMP) data in QuickTime files.

• https://access.redhat.com/errata/RHSA-2019:2048
• https://bugs.freedesktop.org/show_bug.cgi?id=102483
• https://cgit.freedesktop.org/exempi/commit/?id=886cd1d2314755adb1f4cdb99c16ff00830f0331
• https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html
• https://usn.ubuntu.com/3668-1
• https://access.redhat.com/security/cve/CVE-2017-18238
• https://bugzilla.redhat.com/show_bug.cgi?id=1558715

• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')