Denial of service in Exempi
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2018-7729 CVE-2018-7731 CVE-2018-7730 CVE-2018-7728 |
| CWE-ID | CWE-122 CWE-476 CWE-126 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. |
| Vulnerable software Subscribe |
Exempi Client/Desktop applications / Multimedia software |
| Vendor | Freedesktop.org |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU11087
Risk: Low
CVSSv3.1: 3.6 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7729
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the PostScript_MetaHandler::ParsePSFile() function due to heap-based buffer overflow. A local attacker can send a specially crafted file, trigger memory corruption and cause the service to crash.
Update to version 2.4.5.
Vulnerable software versionsExempi: 2.1.0 - 2.4.4
CPE2.3- cpe:2.3:a:freedesktop_org:exempi:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.2.0:*:*:*:*:*:*:*
http://cgit.freedesktop.org/exempi/tree/NEWS
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) NULL pointer dereference
EUVDB-ID: #VU11079
Risk: Low
CVSSv3.1: 3.6 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7731
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the WEBP::VP8XChunk::VP8XChunk() function due to NULL pointer dereference. A local attacker can submit a specially crafted file, trigger memory corruption and cause the service to crash.
Update to version 2.4.5.
Vulnerable software versionsExempi: 2.1.0 - 2.4.4
CPE2.3- cpe:2.3:a:freedesktop_org:exempi:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.2.0:*:*:*:*:*:*:*
http://cgit.freedesktop.org/exempi/tree/NEWS
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Heap-based buffer over-read
EUVDB-ID: #VU11078
Risk: Low
CVSSv3.1: 3.6 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7730
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness in the PSD_MetaHandler::CacheFileData() function is due to heap-based buffer over-read. A local attacker can submit a specially crafted .xls file, trigger memory corruption and cause the service to crash.
Update to version 2.4.5.
Vulnerable software versionsExempi: 2.1.0 - 2.4.4
CPE2.3- cpe:2.3:a:freedesktop_org:exempi:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.2.0:*:*:*:*:*:*:*
http://cgit.freedesktop.org/exempi/tree/NEWS
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Heap-based buffer over-read
EUVDB-ID: #VU11077
Risk: Low
CVSSv3.1: 3.6 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7728
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness in the MD5Update() function is due to heap-based buffer over-read. A local attacker can submit a specially crafted file, trigger memory corruption and cause the service to crash.
Update to version 2.4.5.
Vulnerable software versionsExempi: 2.1.0 - 2.4.4
CPE2.3- cpe:2.3:a:freedesktop_org:exempi:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.2.0:*:*:*:*:*:*:*
http://cgit.freedesktop.org/exempi/tree/NEWS
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
