SB2018040206 - Denial of service in Exempi 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018040206

SB2018040206 - Denial of service in Exempi

Published: April 2, 2018 Updated: April 11, 2018

Security Bulletin ID SB2018040206
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2017-18238)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the TradQT_Manager::ParseCachedBoxesfunction defined in the source code file XMPFiles/source/FormatSupport/QuickTime_Support.cpp due to infinite loop when handling Extensible Metadata Platform (XMP) data in .qt files. A remote attacker can trick the victim into accessing a specially crafted .qtfile, trigger memory corruption and cause the service to crash.

2) NULL pointer dereference (CVE-ID: CVE-2017-18237)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the PostScript_Support::ConvertToDate function in the source code file XMPFiles/source/FormatSupport/PostScript_Support.cpp due to invalid pointer dereference when handling PostScript (.ps) files. A remote attacker can trick the victim into accessing a specially crafted .ps file and cause the service to crash.

3) Memory corruption (CVE-ID: CVE-2017-18233)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the Chunk class in the source code file XMPFiles/source/FormatSupport/RIFF.cpp due to integer overflow and infinite loop when handling Extensible Metadata Platform (XMP) data in .avifiles. A remote attacker can trick the victim into accessing a specially crafted .avi file, trigger memory corruption and cause the service to crash.

4) Use-after-free error (CVE-ID: CVE-2017-18234)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to improper processing of a file that contains JPEG data related to the XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp and XMPFiles/source/FormatSupport/TIFF_Support.hpp source code files. A remote attacker can trick the victim into accessing a file that contains customized JPEG data that submits malicious input, trigger use after free and cause the service to crash.


Remediation

Install update from vendor's website.

References