| Revision Date: | 2018-10-24 | Version: | 1 |
| Title: | Security update for exempi (Moderate) |
| Description: |
This update for exempi fixes the following security issues:
- CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file (bsc#1085584). - CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file (bsc#1085583). - CVE-2018-7728: Fixed heap-based buffer overflow, which allowed denial of service via crafted TIFF image (bsc#1085297). - CVE-2018-7730: Fixed heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp (bsc#1085295). - CVE-2017-18236: The ASF_Support::ReadHeaderObject function allowed remote attackers to cause a denial of service (infinite loop) via a crafted .asf file (bsc#1085589). - CVE-2017-18234: Prevent use-after-free that allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a .pdf file containing JPEG data (bsc#1085585).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1085295
1085297
1085583
1085584
1085585
1085589
CVE-2017-18233
CVE-2017-18234
CVE-2017-18236
CVE-2017-18238
CVE-2018-7728
CVE-2018-7730
SUSE-SU-2018:3389-1
|
| Platform(s): | SUSE Linux Enterprise Server 12 SP3
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3 is installed AND libexempi3-2.2.1-5.7.1 is installed
|