UbuntuUpdates.org

Package "libexempi3-dbg"

Name: libexempi3-dbg

Description:

library to parse XMP metadata (Debug files)

Latest version: 2.2.2-2ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: main
Head package: exempi
Homepage: http://libopenraw.freedesktop.org/wiki/Exempi

Links


Download "libexempi3-dbg"


Other versions of "libexempi3-dbg" in Xenial

Repository Area Version
base main 2.2.2-2
updates main 2.2.2-2ubuntu0.1

Changelog

Version: 2.2.2-2ubuntu0.1 2018-06-04 13:07:30 UTC

  exempi (2.2.2-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in RIFF.cpp
    - debian/patches/CVE-2017-18233.patch: fix overflow in
      source/XMPFiles/FormatSupport/RIFF.cpp.
    - CVE-2017-18233
  * SECURITY UPDATE: DoS via pdf file with JPEG data
    - debian/patches/CVE-2017-18234.patch: fix error handling and replace
      memcpy in public/include/XMP_Const.h,
      public/include/client-glue/WXMP_Common.hpp,
      source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp,
      source/XMPFiles/FormatSupport/TIFF_Support.hpp,
      source/common/XMP_LibUtils.hpp.
    - Thanks to Debian for the backport!
    - CVE-2017-18234
  * SECURITY UPDATE: infinite loop via a crafted asf file
    - debian/patches/CVE-2017-18236.patch: check size in
      source/XMPFiles/FormatSupport/ASF_Support.cpp.
    - CVE-2017-18236
  * SECURITY UPDATE: infinite loop via XMP data in qt file
    - debian/patches/CVE-2017-18238.patch: exit loop in
      source/XMPFiles/FormatSupport/QuickTime_Support.cpp.
    - CVE-2017-18238
  * SECURITY UPDATE: heap-based buffer over-read in the MD5Update()
    - debian/patches/CVE-2018-7728.patch: check dataLen in
      source/XMPFiles/FileHandlers/TIFF_Handler.cpp.
    - CVE-2018-7728
  * SECURITY UPDATE: buffer over-read in CacheFileData()
    - debian/patches/CVE-2018-7730.patch: check dataLen in
      source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp.
    - CVE-2018-7730

 -- Marc Deslauriers <email address hidden> Thu, 31 May 2018 13:42:17 -0400

CVE-2017-18233 An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers
CVE-2017-18234 An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free
CVE-2017-18236 An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows re
CVE-2017-18238 An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp
CVE-2018-7728 An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-
CVE-2018-7730 An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter



About   -   Send Feedback to @ubuntu_updates