UbuntuUpdates.org

Package "exempi"

Name: exempi

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • library to parse XMP metadata (Development files)
  • library to parse XMP metadata (Library)

Latest version: 2.4.5-2ubuntu0.1
Release: bionic (18.04)
Level: updates
Repository: main

Links



Other versions of "exempi" in Bionic

Repository Area Version
base universe 2.4.5-2
base main 2.4.5-2
security main 2.4.5-2ubuntu0.1
security universe 2.4.5-2ubuntu0.1
updates universe 2.4.5-2ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.4.5-2ubuntu0.1 2022-06-16 18:06:19 UTC

  exempi (2.4.5-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in WEBP
    - debian/patches/CVE-2018-12648.patch: add check to
      XMPFiles/source/FormatSupport/WEBP_Support.cpp.
    - CVE-2018-12648
  * SECURITY UPDATE: Multiple security issues
    - debian/patches/202107.patch: port fixes from the 2021.07 code drop.
    - debian/patches/202108-1.patch: port fixes from the 2021.08 code drop.
    - debian/patches/202108-2.patch: port fixes from the 2021.08 code drop.
    - CVE-2021-36045, CVE-2021-36046, CVE-2021-36047, CVE-2021-36048,
      CVE-2021-36050, CVE-2021-36051, CVE-2021-36052, CVE-2021-36053,
      CVE-2021-36054, CVE-2021-36055, CVE-2021-36056, CVE-2021-36058,
      CVE-2021-36064, CVE-2021-39847, CVE-2021-40716, CVE-2021-40732,
      CVE-2021-42528, CVE-2021-42529, CVE-2021-42530, CVE-2021-42531,
      CVE-2021-42532

 -- Marc Deslauriers <email address hidden> Tue, 14 Jun 2022 10:24:30 -0400

CVE-2018-12648 The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.
CVE-2021-36045 XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory.
CVE-2021-36046 XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the c
CVE-2021-36047 XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execut
CVE-2021-36048 XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execut
CVE-2021-36050 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the
CVE-2021-36051 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the
CVE-2021-36052 XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the c
CVE-2021-36053 XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory.
CVE-2021-36054 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of serv
CVE-2021-36055 XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the con
CVE-2021-36056 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the
CVE-2021-36058 XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of se
CVE-2021-36064 XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the contex
CVE-2021-39847 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execu
CVE-2021-40716 XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2021-40732 XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memor
CVE-2021-42528 XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated a
CVE-2021-42529 XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code exec
CVE-2021-42530 XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code exec
CVE-2021-42531 XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code exec
CVE-2021-42532 XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code exec



About   -   Send Feedback to @ubuntu_updates