Vulnerability CVE-2018-7729

Vulnerability Name:

CVE-2018-7729 (CCN-139939)

Assigned:

2018-02-26

Published:

2018-02-26

Updated:

2020-10-26

Summary:

An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-125

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2018-7729

Source: CCN
Type: Bugzilla Bug 105206
heap-buffer-overflow in PostScript_MetaHandler::ParsePSFile() of exempi 2.4.4

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://bugs.freedesktop.org/show_bug.cgi?id=105206

Source: CCN
Type: exempi CGIT Repository
Bug 105206 - Fix a buffer overflow in the PS Handler

Source: MISC
Type: Patch, Third Party Advisory
https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c

Source: XF
Type: UNKNOWN
exempi-cve20187729-bo(139939)

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-e22e9a655d

Source: UBUNTU
Type: Third Party Advisory
USN-3668-1

Vulnerable Configuration:

Configuration 1:

cpe:/a:exempi_project:exempi:*:*:*:*:*:*:*:* (Version <= 2.4.4)

Configuration 2:

cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20187729	V	CVE-2018-7729	2023-06-22
oval:org.opensuse.security:def:7928	P	libexempi-devel-2.4.5-3.3.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:656	P	Security update for protobuf (Moderate) (in QA)	2022-10-06
oval:org.opensuse.security:def:768	P	Security update for wireshark (Moderate)	2022-09-19
oval:org.opensuse.security:def:94048	P	(Important)	2022-07-13
oval:org.opensuse.security:def:3308	P	opensc-0.13.0-3.3.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94938	P	libexempi-devel-2.4.5-3.3.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:992	P	Security update for containerd, docker (Important)	2022-05-16
oval:org.opensuse.security:def:1348	P	Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP3) (Important)	2022-05-10
oval:org.opensuse.security:def:1693	P	Security update for stunnel (Important)	2022-03-16
oval:org.opensuse.security:def:100761	P	(Important)	2022-03-04
oval:org.opensuse.security:def:112204	P	exempi-tools-2.5.2-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:67802	P	Security update for the Linux Kernel (Live Patch 21 for SLE 15) (Important)	2021-11-17
oval:org.opensuse.security:def:1577	P	Security update for samba (Important)	2021-11-15
oval:org.opensuse.security:def:1221	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:105735	P	exempi-tools-2.5.2-1.3 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:71142	P	audit-devel-2.8.1-3.30 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71255	P	libfreebl3-3.41.1-3.13.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64555	P	Security update for c-ares (Important)	2021-08-17
oval:org.opensuse.security:def:47730	P	libkde4-32bit-4.12.0-10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47304	P	libFLAC++6-1.3.0-11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48092	P	libapr-util1-1.5.3-2.8.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47618	P	ghostscript-9.25-23.13.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47178	P	wpa_supplicant-2.2-14.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48238	P	mailx-12.5-28.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47842	P	pam_krb5-2.4.4-4.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47313	P	libXext6-1.3.2-3.60 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48334	P	vino-3.20.2-5.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48204	P	libtasn1-4.9-3.10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47638	P	guile-2.0.9-8.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47290	P	ipsec-tools-0.8.0-18.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48350	P	xrdp-0.9.10-1.35 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47878	P	rrdtool-1.4.7-20.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47425	P	libvdpau1-1.1.1-6.73 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47177	P	wireshark-1.12.13-31.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48176	P	libpoppler-glib8-0.43.0-16.15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47750	P	libnghttp2-14-1.7.1-1.84 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47192	P	yast2-users-3.1.57-16.7 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48303	P	sblim-sfcb-1.4.8-17.3.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47990	P	dbus-1-glib-0.100.2-3.58 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47506	P	stunnel-5.00-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47289	P	ibus-chewing-1.4.14-4.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48288	P	python-requests-2.18.2-8.4.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:1104	P	libpango-1_0-0-1.44.7+11-1.25 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72501	P	libexempi-devel-2.4.5-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62782	P	libexempi-devel-2.4.5-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101188	P	libexempi-devel-2.4.5-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:48415	P	fetchmail-6.3.26-12.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48517	P	libldb1-1.1.26-10.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48446	P	ipsec-tools-0.8.0-15.16 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48405	P	dovecot22-2.2.13-2.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:1460	P	Security update for avahi (Moderate)	2021-05-04
oval:org.opensuse.security:def:64468	P	Security update for wpa_supplicant (Moderate)	2021-04-13
oval:org.opensuse.security:def:66728	P	Security update for bcc (Moderate)	2021-04-07
oval:org.opensuse.security:def:69979	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:62549	P	libexempi-devel-2.4.5-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72385	P	libexempi-devel-2.4.5-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107427	P	libexempi-devel-2.4.5-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62666	P	libexempi-devel-2.4.5-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116985	P	libexempi-devel-2.4.5-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72156	P	libexempi-devel-2.4.5-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62437	P	libexempi-devel-2.4.5-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:89899	P	libexempi-devel-2.4.5-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72268	P	libexempi-devel-2.4.5-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103554	P	libexempi-devel-2.4.5-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49662	P	libexempi-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66636	P	sysvinit-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70084	P	libexempi-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73419	P	libexempi-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49491	P	typelib-1_0-JavaScriptCore-4_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49433	P	libexempi-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49608	P	MozillaFirefox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49545	P	libexempi-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73301	P	python3-pip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67902	P	libexempi-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49379	P	containerd on GA media (Moderate)	2020-12-01
oval:com.ubuntu.artful:def:20187729000	V	CVE-2018-7729 on Ubuntu 17.10 (artful) - low.	2018-03-06
oval:com.ubuntu.bionic:def:20187729000	V	CVE-2018-7729 on Ubuntu 18.04 LTS (bionic) - low.	2018-03-06
oval:com.ubuntu.bionic:def:201877290000000	V	CVE-2018-7729 on Ubuntu 18.04 LTS (bionic) - low.	2018-03-06
oval:com.ubuntu.trusty:def:20187729000	V	CVE-2018-7729 on Ubuntu 14.04 LTS (trusty) - low.	2018-03-06
oval:com.ubuntu.xenial:def:201877290000000	V	CVE-2018-7729 on Ubuntu 16.04 LTS (xenial) - low.	2018-03-06
oval:com.ubuntu.xenial:def:20187729000	V	CVE-2018-7729 on Ubuntu 16.04 LTS (xenial) - low.	2018-03-06

BACK