Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
patchinfo.6890
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.6890
<patchinfo incident="6890"> <issue id="1085583" tracker="bnc">VUL-1: CVE-2017-18238: exempi: TheTradQT_Manager::ParseCachedBoxes function inXMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers tocause a denial of service</issue> <issue id="1085584" tracker="bnc">VUL-1: CVE-2017-18233: exempi: Integer overflow in the Chunkclass in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to causea denial of service (infinite loop)</issue> <issue id="2017-18233" tracker="cve" /> <issue id="2017-18238" tracker="cve" /> <issue id="1085295" tracker="bnc">VUL-1: CVE-2018-7730 exempi: Heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp:PSD_MetaHandler::CacheFileData() allows for denial of service via crafted xls file</issue> <issue id="1085297" tracker="bnc">VUL-1: CVE-2018-7728: exempi: Heap-based buffer overflow in third-party/zuid/interfaces/MD5.cpp:MD5Update() allows for denial of service via crafted TIFF image</issue> <issue id="1085585" tracker="bnc">VUL-0: CVE-2017-18234: exempi: It allows remote attackers tocause a denial of service (invalid memcpy with resultant use-after-free) orpossibly have unspecified other impact via a .pdf file</issue> <issue id="1085589" tracker="bnc">VUL-1: CVE-2017-18236: exempi: TheASF_Support::ReadHeaderObject function inXMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause adenial of service (infinite loop)</issue> <issue id="2017-18234" tracker="cve" /> <issue id="2017-18236" tracker="cve" /> <issue id="2018-7730" tracker="cve" /> <issue id="2018-7728" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>kbabioch</packager> <description>This update for exempi fixes the following security issues: - CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file (bsc#1085584). - CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file (bsc#1085583). - CVE-2018-7728: Fixed heap-based buffer overflow, which allowed denial of service via crafted TIFF image (bsc#1085297). - CVE-2018-7730: Fixed heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp (bsc#1085295). - CVE-2017-18236: The ASF_Support::ReadHeaderObject function allowed remote attackers to cause a denial of service (infinite loop) via a crafted .asf file (bsc#1085589). - CVE-2017-18234: Prevent use-after-free that allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a .pdf file containing JPEG data (bsc#1085585). </description> <summary>Security update for exempi</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor