UbuntuUpdates.org

Package "exempi"

Name: exempi

Description:

command line tool to manipulate XMP metadata
Latest version: 2.2.1-1ubuntu1.1
Release: trusty (14.04)
Level: security
Repository: universe
Homepage: http://libopenraw.freedesktop.org/wiki/Exempi

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "exempi"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "exempi" in Trusty

Repository Area Version
base main 2.2.1-1ubuntu1
base universe 2.2.1-1ubuntu1
security main 2.2.1-1ubuntu1.1
updates main 2.2.1-1ubuntu1.1
updates universe 2.2.1-1ubuntu1.1

Changelog

Version: 2.2.1-1ubuntu1.1 2018-06-04 13:07:28 UTC

  exempi (2.2.1-1ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in RIFF.cpp
    - debian/patches/CVE-2017-18233.patch: fix overflow in
      source/XMPFiles/FormatSupport/RIFF.cpp.
    - CVE-2017-18233
  * SECURITY UPDATE: DoS via pdf file with JPEG data
    - debian/patches/CVE-2017-18234.patch: fix error handling and replace
      memcpy in public/include/XMP_Const.h,
      public/include/client-glue/WXMP_Common.hpp,
      source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp,
      source/XMPFiles/FormatSupport/TIFF_Support.hpp,
      source/common/XMP_LibUtils.hpp.
    - Thanks to Debian for the backport!
    - CVE-2017-18234
  * SECURITY UPDATE: infinite loop via a crafted asf file
    - debian/patches/CVE-2017-18236.patch: check size in
      source/XMPFiles/FormatSupport/ASF_Support.cpp.
    - CVE-2017-18236
  * SECURITY UPDATE: infinite loop via XMP data in qt file
    - debian/patches/CVE-2017-18238.patch: exit loop in
      source/XMPFiles/FormatSupport/QuickTime_Support.cpp.
    - CVE-2017-18238
  * SECURITY UPDATE: heap-based buffer over-read in the MD5Update()
    - debian/patches/CVE-2018-7728.patch: check dataLen in
      source/XMPFiles/FileHandlers/TIFF_Handler.cpp.
    - CVE-2018-7728
  * SECURITY UPDATE: buffer over-read in CacheFileData()
    - debian/patches/CVE-2018-7730.patch: check dataLen in
      source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp.
    - CVE-2018-7730

 -- Marc Deslauriers <email address hidden> Thu, 31 May 2018 13:48:18 -0400
CVE-2017-18233 An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers
CVE-2017-18234 An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free
CVE-2017-18236 An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows re
CVE-2017-18238 An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp
CVE-2018-7728 An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-
CVE-2018-7730 An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter


About   -   Send Feedback to @ubuntu_updates