Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:0732-1

Опубликовано: 18 мар. 2018
Источник: suse-cvrf

Описание

Security update for exempi

This update for exempi fixes the following issues:

  • CVE-2018-7728: Specially crafted TIFF images could have been used to cause a denial of service via a heap-based buffer overflow (boo#1085297)
  • CVE-2018-7730: Specially crafted Excel files could have been used cause a denial of service via a heap-based buffer overflow (boo#1085295)

Список пакетов

openSUSE Leap 42.3
exempi-2.2.2-6.3.1
exempi-tools-2.2.2-6.3.1
libexempi-devel-2.2.2-6.3.1
libexempi3-2.2.2-6.3.1
libexempi3-32bit-2.2.2-6.3.1

Ссылки

Описание

An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.

Затронутые продукты
openSUSE Leap 42.3:exempi-2.2.2-6.3.1
openSUSE Leap 42.3:exempi-tools-2.2.2-6.3.1
openSUSE Leap 42.3:libexempi-devel-2.2.2-6.3.1
openSUSE Leap 42.3:libexempi3-2.2.2-6.3.1
Ссылки

Описание

An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.

Затронутые продукты
openSUSE Leap 42.3:exempi-2.2.2-6.3.1
openSUSE Leap 42.3:exempi-tools-2.2.2-6.3.1
openSUSE Leap 42.3:libexempi-devel-2.2.2-6.3.1
openSUSE Leap 42.3:libexempi3-2.2.2-6.3.1
Ссылки