19 matches found
exempi: denial of service via opening of crafted webp file
A buffer overflow flaw was found in the exempi package. This issue occurs in WEBPSupport.cpp and may allow remote attackers to cause a denial of service via opening a crafted webp file...
exempi: denial of service via opening of crafted audio file with ID3V2 frame
A buffer overflow flaw was found in the exempi package. This issue occurs in the ID3Support::ID3v2Frame::getFrameValue function that allows remote attackers to cause a denial of service via opening a crafted audio file with the ID3V2 frame...
CentOS 8 : exempi (CESA-2024:3066)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3066 advisory. - Buffer Overflow vulnerability in function ID3Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial...
RHEL 6 : exempi (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - exempi: Use after free via a PDF file containing JPEG data (CVE-2017-18234) - An issue was discovered in...
CVE-2020-18652
A buffer overflow flaw was found in the exempi package. This issue occurs in WEBPSupport.cpp and may allow remote attackers to cause a denial of service via opening a crafted webp file. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the...
CVE-2020-18651
A buffer overflow flaw was found in the exempi package. This issue occurs in the ID3Support::ID3v2Frame::getFrameValue function that allows remote attackers to cause a denial of service via opening a crafted audio file with the ID3V2 frame. Mitigation: Mitigation for this issue is either not...
Ubuntu: Security Advisory (USN-5483-1)
The remote host is missing an update for the...
new packages: exempi
An update is available for exempi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.0...
openSUSE: Security Advisory for exempi (openSUSE-SU-2019:1657-1)
The remote host is missing an update for the...
EulerOS 2.0 SP2 : exempi (EulerOS-SA-2019-2373)
According to the versions of the exempi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote...
EulerOS 2.0 SP5 : exempi (EulerOS-SA-2019-2524)
According to the version of the exempi package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in...
EulerOS 2.0 SP5 : exempi (EulerOS-SA-2019-2143)
According to the versions of the exempi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Exempi before 2.4.4. The ASFSupport::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASFSupport.cpp allows...
RHEL 7 : exempi (RHSA-2019:2048)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2048 advisory. Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be built with GNU automake...
EulerOS 2.0 SP1 : exempi (EulerOS-SA-2018-1124)
According to the versions of the exempi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant...
Updated exempi package fixes security vulnerabilities
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScriptMetaHandler::ParsePSFile function in PostScriptHandler.cpp (CVE-2018-7729). An issue was discovered in Exempi through 2.4.4. WEBPSupport.cpp does not check whether a bitstream has a NULL value,...
EulerOS 2.0 SP2 : exempi (EulerOS-SA-2018-1111)
According to the versions of the exempi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be built with GNU automake. It...
MGASA-2018-0183 Updated exempi package fixes security vulnerabilities
CVE-2018-7728: Specially crafted TIFF images could have been used to cause a denial of service via a heap-based buffer overflow. CVE-2018-7730: Specially crafted Excel files could have been used to cause a denial of service via a heap-based buffer overflow...
Debian: Security Advisory (DLA-1310-1)
The remote host is missing an update for the Debian...
MGASA-2016-0101 Updated exempi exiv2 packages fix security vulnerability
exempi contains code to protect against a denial-of-service attack related to XML entity expansion (the "billion laughs" attack), but it was not compiled into the Mageia package because BanAllEntityUsage was not defined when the package was compiled. This has been corrected by recompiling it with the...