UbuntuUpdates.org

Package "libexempi3"

Name: libexempi3

Description:

library to parse XMP metadata (Library)
Latest version: 2.4.5-2ubuntu0.1
Release: bionic (18.04)
Level: updates
Repository: main
Head package: exempi
Homepage: https://libopenraw.freedesktop.org/wiki/Exempi

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libexempi3"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libexempi3" in Bionic

Repository Area Version
base main 2.4.5-2
security main 2.4.5-2ubuntu0.1

Changelog

Version: 2.4.5-2ubuntu0.1 2022-06-16 18:06:19 UTC

  exempi (2.4.5-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in WEBP
    - debian/patches/CVE-2018-12648.patch: add check to
      XMPFiles/source/FormatSupport/WEBP_Support.cpp.
    - CVE-2018-12648
  * SECURITY UPDATE: Multiple security issues
    - debian/patches/202107.patch: port fixes from the 2021.07 code drop.
    - debian/patches/202108-1.patch: port fixes from the 2021.08 code drop.
    - debian/patches/202108-2.patch: port fixes from the 2021.08 code drop.
    - CVE-2021-36045, CVE-2021-36046, CVE-2021-36047, CVE-2021-36048,
      CVE-2021-36050, CVE-2021-36051, CVE-2021-36052, CVE-2021-36053,
      CVE-2021-36054, CVE-2021-36055, CVE-2021-36056, CVE-2021-36058,
      CVE-2021-36064, CVE-2021-39847, CVE-2021-40716, CVE-2021-40732,
      CVE-2021-42528, CVE-2021-42529, CVE-2021-42530, CVE-2021-42531,
      CVE-2021-42532

 -- Marc Deslauriers <email address hidden> Tue, 14 Jun 2022 10:24:30 -0400
CVE-2018-12648 The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.
CVE-2021-36045 XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory.
CVE-2021-36046 XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the c
CVE-2021-36047 XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execut
CVE-2021-36048 XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execut
CVE-2021-36050 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the
CVE-2021-36051 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the
CVE-2021-36052 XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the c
CVE-2021-36053 XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory.
CVE-2021-36054 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of serv
CVE-2021-36055 XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the con
CVE-2021-36056 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the
CVE-2021-36058 XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of se
CVE-2021-36064 XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the contex
CVE-2021-39847 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execu
CVE-2021-40716 XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2021-40732 XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memor
CVE-2021-42528 XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated a
CVE-2021-42529 XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code exec
CVE-2021-42530 XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code exec
CVE-2021-42531 XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code exec
CVE-2021-42532 XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code exec


About   -   Send Feedback to @ubuntu_updates