Vulnerabilities > CVE-2017-18233 - Infinite Loop vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
exempi-project
debian
canonical
CWE-835
nessus

Summary

An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.

Nessus

  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1321.NASL
    descriptionAn issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.(CVE-2017-18233) An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.(CVE-2017-18234) An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.(CVE-2017-18236) An infinite loop has been discovered in Exempi in the way it handles Extensible Metadata Platform (XMP) data in QuickTime files. An attacker could cause a denial of service via a crafted file.(CVE-2017-18238) An integer wraparound, leading to a buffer overflow, was found in Exempi in the way it handles Adobe Photoshop Images. An attacker could exploit this to cause a denial of service via a crafted image file.(CVE-2018-7730)
    last seen2020-06-01
    modified2020-06-02
    plugin id130218
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130218
    titleAmazon Linux 2 : exempi (ALAS-2019-1321)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1321.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130218);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/18");
    
      script_cve_id("CVE-2017-18233", "CVE-2017-18234", "CVE-2017-18236", "CVE-2017-18238", "CVE-2018-7730");
      script_xref(name:"ALAS", value:"2019-1321");
    
      script_name(english:"Amazon Linux 2 : exempi (ALAS-2019-1321)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An issue was discovered in Exempi before 2.4.4. Integer overflow in
    the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows
    remote attackers to cause a denial of service (infinite loop) via
    crafted XMP data in a .avi file.(CVE-2017-18233)
    
    An issue was discovered in Exempi before 2.4.3. It allows remote
    attackers to cause a denial of service (invalid memcpy with resultant
    use-after-free) or possibly have unspecified other impact via a .pdf
    file containing JPEG data, related to
    XMPFiles/source/FormatSupport/ReconcileTIFF.cpp,
    XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and
    XMPFiles/source/FormatSupport/TIFF_Support.hpp.(CVE-2017-18234)
    
    An issue was discovered in Exempi before 2.4.4. The
    ASF_Support::ReadHeaderObject function in
    XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers
    to cause a denial of service (infinite loop) via a crafted .asf
    file.(CVE-2017-18236)
    
    An infinite loop has been discovered in Exempi in the way it handles
    Extensible Metadata Platform (XMP) data in QuickTime files. An
    attacker could cause a denial of service via a crafted
    file.(CVE-2017-18238)
    
    An integer wraparound, leading to a buffer overflow, was found in
    Exempi in the way it handles Adobe Photoshop Images. An attacker could
    exploit this to cause a denial of service via a crafted image
    file.(CVE-2018-7730)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1321.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update exempi' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:exempi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:exempi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:exempi-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"exempi-2.2.0-9.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"exempi-debuginfo-2.2.0-9.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"exempi-devel-2.2.0-9.amzn2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "exempi / exempi-debuginfo / exempi-devel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2373.NASL
    descriptionAccording to the versions of the exempi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.(CVE-2017-18233) - An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.(CVE-2017-18236) - An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.(CVE-2017-18238) - An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.(CVE-2018-7730) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-10
    plugin id131865
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131865
    titleEulerOS 2.0 SP2 : exempi (EulerOS-SA-2019-2373)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131865);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2017-18233",
        "CVE-2017-18236",
        "CVE-2017-18238",
        "CVE-2018-7730"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : exempi (EulerOS-SA-2019-2373)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the exempi package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - An issue was discovered in Exempi before 2.4.4. Integer
        overflow in the Chunk class in
        XMPFiles/source/FormatSupport/RIFF.cpp allows remote
        attackers to cause a denial of service (infinite loop)
        via crafted XMP data in a .avi file.(CVE-2017-18233)
    
      - An issue was discovered in Exempi before 2.4.4. The
        ASF_Support::ReadHeaderObject function in
        XMPFiles/source/FormatSupport/ASF_Support.cpp allows
        remote attackers to cause a denial of service (infinite
        loop) via a crafted .asf file.(CVE-2017-18236)
    
      - An issue was discovered in Exempi before 2.4.4. The
        TradQT_Manager::ParseCachedBoxes function in
        XMPFiles/source/FormatSupport/QuickTime_Support.cpp
        allows remote attackers to cause a denial of service
        (infinite loop) via crafted XMP data in a .qt
        file.(CVE-2017-18238)
    
      - An issue was discovered in Exempi through 2.4.4. A
        certain case of a 0xffffffff length is mishandled in
        XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp,
        leading to a heap-based buffer over-read in the
        PSD_MetaHandler::CacheFileData()
        function.(CVE-2018-7730)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2373
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?50f8944d");
      script_set_attribute(attribute:"solution", value:
    "Update the affected exempi packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:exempi");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["exempi-2.2.0-8.h2"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "exempi");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3389-1.NASL
    descriptionThis update for exempi fixes the following security issues : CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file (bsc#1085584). CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file (bsc#1085583). CVE-2018-7728: Fixed heap-based buffer overflow, which allowed denial of service via crafted TIFF image (bsc#1085297). CVE-2018-7730: Fixed heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp (bsc#1085295). CVE-2017-18236: The ASF_Support::ReadHeaderObject function allowed remote attackers to cause a denial of service (infinite loop) via a crafted .asf file (bsc#1085589). CVE-2017-18234: Prevent use-after-free that allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a .pdf file containing JPEG data (bsc#1085585). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118390
    published2018-10-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118390
    titleSUSE SLED12 / SLES12 Security Update : exempi (SUSE-SU-2018:3389-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:3389-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118390);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/10 13:51:49");
    
      script_cve_id("CVE-2017-18233", "CVE-2017-18234", "CVE-2017-18236", "CVE-2017-18238", "CVE-2018-7728", "CVE-2018-7730");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : exempi (SUSE-SU-2018:3389-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for exempi fixes the following security issues :
    
    CVE-2017-18233: Prevent integer overflow in the Chunk class that
    allowed remote attackers to cause a denial of service (infinite loop)
    via crafted XMP data in a .avi file (bsc#1085584).
    
    CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed
    remote attackers to cause a denial of service (infinite loop) via
    crafted XMP data in a .qt file (bsc#1085583).
    
    CVE-2018-7728: Fixed heap-based buffer overflow, which allowed denial
    of service via crafted TIFF image (bsc#1085297).
    
    CVE-2018-7730: Fixed heap-based buffer overflow in
    XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp (bsc#1085295).
    
    CVE-2017-18236: The ASF_Support::ReadHeaderObject function allowed
    remote attackers to cause a denial of service (infinite loop) via a
    crafted .asf file (bsc#1085589).
    
    CVE-2017-18234: Prevent use-after-free that allowed remote attackers
    to cause a denial of service or possibly have unspecified other impact
    via a .pdf file containing JPEG data (bsc#1085585).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085297"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085584"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085585"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085589"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18233/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18234/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18236/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18238/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-7728/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-7730/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20183389-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0df66fb9"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2018-2434=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-2434=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2018-2434=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:exempi-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libexempi3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libexempi3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", reference:"exempi-debugsource-2.2.1-5.7.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libexempi3-2.2.1-5.7.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libexempi3-debuginfo-2.2.1-5.7.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"exempi-debugsource-2.2.1-5.7.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libexempi3-2.2.1-5.7.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libexempi3-debuginfo-2.2.1-5.7.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "exempi");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-C442AAD4DC.NASL
    descriptionVersion **2.4.5** fixes the following security issues : - **CVE-2018-7728** - **CVE-2018-7729** - **CVE-2018-7730** - **CVE-2018-7731** Version **2.4.4** fixes the following security issues : - **CVE-2017-18233** - **CVE-2017-18236** Version **2.4.3** fixes the following security issues : - **CVE-2017-18234** - **CVE-2017-18235** - **CVE-2017-18237** Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-04-05
    plugin id108839
    published2018-04-05
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108839
    titleFedora 27 : exempi (2018-c442aad4dc)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-c442aad4dc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108839);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-18233", "CVE-2017-18234", "CVE-2017-18235", "CVE-2017-18236", "CVE-2017-18237", "CVE-2018-7728", "CVE-2018-7729", "CVE-2018-7730", "CVE-2018-7731");
      script_xref(name:"FEDORA", value:"2018-c442aad4dc");
    
      script_name(english:"Fedora 27 : exempi (2018-c442aad4dc)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Version **2.4.5** fixes the following security issues :
    
      - **CVE-2018-7728**
    
      - **CVE-2018-7729**
    
      - **CVE-2018-7730**
    
      - **CVE-2018-7731**
    
    Version **2.4.4** fixes the following security issues :
    
      - **CVE-2017-18233**
    
      - **CVE-2017-18236**
    
    Version **2.4.3** fixes the following security issues :
    
      - **CVE-2017-18234**
    
      - **CVE-2017-18235**
    
      - **CVE-2017-18237**
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c442aad4dc"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected exempi package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:exempi");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"exempi-2.4.5-1.fc27")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "exempi");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2048.NASL
    descriptionAn update for exempi is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be build with GNU automake. It includes XMPCore and XMPFiles. Security Fix(es) : * exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/ RIFF.cpp (CVE-2017-18233) * exempi: Use after free via a PDF file containing JPEG data (CVE-2017-18234) * exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles /source/FormatSupport/ASF_Support.cpp (CVE-2017-18236) * exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp (CVE-2017-18238) * exempi: Heap-based buffer overflow in PSD_MetaHandler::CacheFileData function in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp allows for denial of service via crafted XLS file (CVE-2018-7730) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127658
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127658
    titleRHEL 7 : exempi (RHSA-2019:2048)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:2048. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127658);
      script_version("1.5");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2017-18233", "CVE-2017-18234", "CVE-2017-18236", "CVE-2017-18238", "CVE-2018-7730");
      script_xref(name:"RHSA", value:"2019:2048");
    
      script_name(english:"RHEL 7 : exempi (RHSA-2019:2048)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for exempi is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.
    
    Exempi provides a library for easy parsing of XMP metadata. It is a
    port of Adobe XMP SDK to work on UNIX and to be build with GNU
    automake. It includes XMPCore and XMPFiles.
    
    Security Fix(es) :
    
    * exempi: Infinite Loop in Chunk class in
    XMPFiles/source/FormatSupport/ RIFF.cpp (CVE-2017-18233)
    
    * exempi: Use after free via a PDF file containing JPEG data
    (CVE-2017-18234)
    
    * exempi: Infinite loop in ASF_Support::ReadHeaderObject function in
    XMPFiles /source/FormatSupport/ASF_Support.cpp (CVE-2017-18236)
    
    * exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function
    in XMPFiles/source/FormatSupport/QuickTime_Support.cpp
    (CVE-2017-18238)
    
    * exempi: Heap-based buffer overflow in PSD_MetaHandler::CacheFileData
    function in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp allows
    for denial of service via crafted XLS file (CVE-2018-7730)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.7 Release Notes linked from the References section."
      );
      # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3395ff0b"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:2048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-18233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-18234"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-18236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-18238"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-7730"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected exempi, exempi-debuginfo and / or exempi-devel
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:exempi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:exempi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:exempi-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:2048";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", reference:"exempi-2.2.0-9.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"exempi-debuginfo-2.2.0-9.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"exempi-devel-2.2.0-9.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "exempi / exempi-debuginfo / exempi-devel");
      }
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2048.NASL
    descriptionAn update for exempi is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be build with GNU automake. It includes XMPCore and XMPFiles. Security Fix(es) : * exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/ RIFF.cpp (CVE-2017-18233) * exempi: Use after free via a PDF file containing JPEG data (CVE-2017-18234) * exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles /source/FormatSupport/ASF_Support.cpp (CVE-2017-18236) * exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp (CVE-2017-18238) * exempi: Heap-based buffer overflow in PSD_MetaHandler::CacheFileData function in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp allows for denial of service via crafted XLS file (CVE-2018-7730) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128339
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128339
    titleCentOS 7 : exempi (CESA-2019:2048)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3668-1.NASL
    descriptionIt was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to hang or crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110321
    published2018-06-05
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110321
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 : exempi vulnerabilities (USN-3668-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0186_EXEMPI.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has exempi packages installed that are affected by multiple vulnerabilities: - An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp. (CVE-2017-18234) - An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file. (CVE-2017-18238) - An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. (CVE-2018-7730) - An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. (CVE-2017-18236) - An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file. (CVE-2017-18233) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129906
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129906
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : exempi Multiple Vulnerabilities (NS-SA-2019-0186)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1022.NASL
    descriptionThis update for exempi fixes the following security issue : - CVE-2017-18236: The ASF_Support::ReadHeaderObject function allowed remote attackers to cause a denial of service (infinite loop) via a crafted .asf file (bsc#1085589) - CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file (bsc#1085584) - CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file (bsc#1085583)
    last seen2020-06-05
    modified2018-09-24
    plugin id117655
    published2018-09-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117655
    titleopenSUSE Security Update : exempi (openSUSE-2018-1022)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2143.NASL
    descriptionAccording to the versions of the exempi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.(CVE-2017-18236) - An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.(CVE-2017-18238) - An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.(CVE-2017-18233) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-12
    plugin id130852
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130852
    titleEulerOS 2.0 SP5 : exempi (EulerOS-SA-2019-2143)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1310.NASL
    descriptionVarious issues were discovered in exempi, a library to parse XMP metadata that may cause a denial of service or may have other unspecified impact via crafted files. CVE-2017-18233 An Integer overflow in the Chunk class in RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in an .avi file. CVE-2017-18234 An issue was discovered that allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data. CVE-2017-18236 The ASF_Support::ReadHeaderObject function in ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. CVE-2017-18238 The TradQT_Manager::ParseCachedBoxes function in QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file. CVE-2018-7728 TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in MD5.cpp. CVE-2018-7730 A certain case of a 0xffffffff length is mishandled in PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. For Debian 7
    last seen2020-03-17
    modified2018-03-22
    plugin id108522
    published2018-03-22
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108522
    titleDebian DLA-1310-1 : exempi security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2575.NASL
    descriptionAccording to the versions of the exempi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.(CVE-2017-18233) - An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.(CVE-2017-18236) - An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.(CVE-2017-18238) - An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.(CVE-2018-7730) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-19
    plugin id132292
    published2019-12-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132292
    titleEulerOS 2.0 SP3 : exempi (EulerOS-SA-2019-2575)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_EXEMPI_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp (CVE-2017-18233) - exempi: Use after free via a PDF file containing JPEG data (CVE-2017-18234) - exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp (CVE-2017-18236) - exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp (CVE-2017-18238) - exempi: Heap-based buffer overflow in PSD_MetaHandler::CacheFileData function in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp allows for denial of service via crafted XLS file (CVE-2018-7730)
    last seen2020-03-18
    modified2019-08-27
    plugin id128215
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128215
    titleScientific Linux Security Update : exempi on SL7.x x86_64 (20190806)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0228_EXEMPI.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has exempi packages installed that are affected by multiple vulnerabilities: - An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp. (CVE-2017-18234) - An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file. (CVE-2017-18238) - An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. (CVE-2018-7730) - An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. (CVE-2017-18236) - An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file. (CVE-2017-18233) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132444
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132444
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : exempi Multiple Vulnerabilities (NS-SA-2019-0228)

Redhat

advisories
rhsa
idRHSA-2019:2048
rpms
  • exempi-0:2.2.0-9.el7
  • exempi-debuginfo-0:2.2.0-9.el7
  • exempi-devel-0:2.2.0-9.el7