CVE-2018-12648

Опубликовано: 21 июн. 2018

Источник: redhat

CVSS3: 3.3

EPSS Низкий

Описание

The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.

Exempi is vulnerable to an issue that may manifest as a NULL pointer dereference or an out-of-bounds access due to not checking if vector is of required size before accessing its elements. An attacker could use this to cause a denial of service.

Отчет

This issue did not affect the versions of exempi as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for WEBP format in the code of which the vulnerability exists.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	exempi	Not affected
Red Hat Enterprise Linux 7	exempi	Not affected
Red Hat Enterprise Linux 8	exempi	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-476

Дефект:

CWE-787

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1594642exempi: NULL pointer dereference in WEBP_Support.hpp:WEBP::GetLE32() allows for denial of service

EPSS

Процентиль: 61%

0.00415

Низкий

3.3 Low

CVSS3

Связанные уязвимости

CVE-2018-12648

CVSS3: 7.5

ubuntu

больше 7 лет назад

The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.

CVE-2018-12648

CVSS3: 7.5

nvd

больше 7 лет назад

The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.

CVE-2018-12648

CVSS3: 7.5

debian

больше 7 лет назад

The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Suppo ...

openSUSE-SU-2019:1657-1

suse-cvrf

больше 6 лет назад

Security update for exempi

openSUSE-SU-2019:1649-1

suse-cvrf

больше 6 лет назад

Security update for exempi

EPSS

Процентиль: 61%

0.00415

Низкий

3.3 Low

CVSS3