PRIOn knowledge basePRION:CVE-2017-18234

HistoryMar 15, 2018 - 7:29 p.m.

Design/Logic Flaw

2018-03-1519:29:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%

JSON

An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq17.10
debian_linuxeq7.0
exempilt2.4.3

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	17.10
debian_linux	eq	7.0
exempi	lt	2.4.3

References

access.redhat.com/errata/RHSA-2019:2048

bugs.freedesktop.org/show_bug.cgi?id=100397

cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c

lists.debian.org/debian-lts-announce/2018/03/msg00013.html

usn.ubuntu.com/3668-1/