Denial of service in Exempi
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2017-18238 CVE-2017-18237 CVE-2017-18233 CVE-2017-18234 |
| CWE-ID | CWE-835 CWE-476 CWE-119 CWE-416 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Exempi Client/Desktop applications / Multimedia software |
| Vendor | Freedesktop.org |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Infinite loop
EUVDB-ID: #VU11629
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-18238
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the TradQT_Manager::ParseCachedBoxesfunction defined in the source code file XMPFiles/source/FormatSupport/QuickTime_Support.cpp due to infinite loop when handling Extensible Metadata Platform (XMP) data in .qt files. A remote attacker can trick the victim into accessing a specially crafted .qtfile, trigger memory corruption and cause the service to crash.
Update to version 2.4.4.
Vulnerable software versionsExempi: 2.1.0 - 2.4.3
CPE2.3- cpe:2.3:a:freedesktop_org:exempi:2.1.0:*:*:*:*:libopenraw:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.1.1:*:*:*:*:libopenraw:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.2.0:*:*:*:*:libopenraw:*:*
https://bugs.freedesktop.org/show_bug.cgi?id=102483
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU11630
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-18237
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the PostScript_Support::ConvertToDate function in the source code file XMPFiles/source/FormatSupport/PostScript_Support.cpp due to invalid pointer dereference when handling PostScript (.ps) files. A remote attacker can trick the victim into accessing a specially crafted .ps file and cause the service to crash.
Update to version 2.4.3.
Vulnerable software versionsExempi: 2.1.0 - 2.4.2
CPE2.3- cpe:2.3:a:freedesktop_org:exempi:2.1.0:*:*:*:*:libopenraw:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.1.1:*:*:*:*:libopenraw:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.2.0:*:*:*:*:libopenraw:*:*
https://cgit.freedesktop.org/exempi/tree/NEWS
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU11631
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-18233
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the Chunk class in the source code file XMPFiles/source/FormatSupport/RIFF.cpp due to integer overflow and infinite loop when handling Extensible Metadata Platform (XMP) data in .avifiles. A remote attacker can trick the victim into accessing a specially crafted .avi file, trigger memory corruption and cause the service to crash.
Update to version 2.4.4.
Vulnerable software versionsExempi: 2.1.0 - 2.4.3
CPE2.3- cpe:2.3:a:freedesktop_org:exempi:2.1.0:*:*:*:*:libopenraw:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.1.1:*:*:*:*:libopenraw:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.2.0:*:*:*:*:libopenraw:*:*
https://cgit.freedesktop.org/exempi/tree/NEWS
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free error
EUVDB-ID: #VU11756
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-18234
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to improper processing of a file that contains JPEG data related to the XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp and XMPFiles/source/FormatSupport/TIFF_Support.hpp source code files. A remote attacker can trick the victim into accessing a file that contains customized JPEG data that submits malicious input, trigger use after free and cause the service to crash.
MitigationUpdate to version 2.4.3.
Vulnerable software versionsExempi: 2.1.0 - 2.4.2
CPE2.3- cpe:2.3:a:freedesktop_org:exempi:2.1.0:*:*:*:*:libopenraw:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.1.1:*:*:*:*:libopenraw:*:*
- cpe:2.3:a:freedesktop_org:exempi:2.2.0:*:*:*:*:libopenraw:*:*
https://cgit.freedesktop.org/exempi/tree/NEWS
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
