328 matches found
CVE-2018-7729
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScriptMetaHandler::ParsePSFile function in XMPFiles/source/FileHandlers/PostScriptHandler.cpp...
CVE-2018-7728
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFFHandler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update function in third-party/zuid/interfaces/MD5.cpp...
UBUNTU-CVE-2018-7730
An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIRFileWriter.cpp, leading to a heap-based buffer over-read in the PSDMetaHandler::CacheFileData function...
UBUNTU-CVE-2018-7731
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBPSupport.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class...
UBUNTU-CVE-2018-7729
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScriptMetaHandler::ParsePSFile function in XMPFiles/source/FileHandlers/PostScriptHandler.cpp...
UBUNTU-CVE-2018-7728
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFFHandler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update function in third-party/zuid/interfaces/MD5.cpp...
MGASA-2016-0101 Updated exempi exiv2 packages fix security vulnerability
exempi contains code to protect against a denial-service-attack related to XML entity expansion "billion laughs attack", but it was not compiled into the Mageia package because BanAllEntityUsage was not defined when the package was compiled. This has been corrected by recompiling it with the...
Updated exempi exiv2 packages fix security vulnerability
exempi contains code to protect against a denial-service-attack related to XML entity expansion "billion laughs attack", but it was not compiled into the Mageia package because BanAllEntityUsage was not defined when the package was compiled. This has been corrected by recompiling it with the...