Описание
Security update for exempi
This update for exempi fixes the following security issue:
- CVE-2017-18236: The ASF_Support::ReadHeaderObject function allowed remote attackers to cause a denial of service (infinite loop) via a crafted .asf file (bsc#1085589)
- CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file (bsc#1085584)
- CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file (bsc#1085583)
Список пакетов
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2018:2764-1
- SUSE Security Ratings
Описание
An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.
Затронутые продукты
Ссылки
- CVE-2017-18233
- SUSE Bug 1085584
- SUSE Bug 1085585
Описание
An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.
Затронутые продукты
Ссылки
- CVE-2017-18236
- SUSE Bug 1085585
- SUSE Bug 1085589
Описание
An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.
Затронутые продукты
Ссылки
- CVE-2017-18238
- SUSE Bug 1085583
- SUSE Bug 1085585