CVE-2018-7731 (https://nvd.nist.gov/vuln/detail/CVE-2018-7731): An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class. CVE-2018-7730 (https://nvd.nist.gov/vuln/detail/CVE-2018-7730): An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. CVE-2018-7729 (https://nvd.nist.gov/vuln/detail/CVE-2018-7729): An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. CVE-2018-7728 (https://nvd.nist.gov/vuln/detail/CVE-2018-7728): An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.
These are supposed to be fixed in 2.4.5 release.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b566633d73ffee4a83dd4ed6cf2c411a297b3763 commit b566633d73ffee4a83dd4ed6cf2c411a297b3763 Author: Gilles Dartiguelongue <eva@gentoo.org> AuthorDate: 2018-03-25 21:21:23 +0000 Commit: Gilles Dartiguelongue <eva@gentoo.org> CommitDate: 2018-03-25 21:32:58 +0000 media-libs/exempi: version bump to 2.4.5 fixing multiple security issues Bug: https://bugs.gentoo.org/649950 Bug: https://bugs.gentoo.org/650714 Package-Manager: Portage-2.3.24, Repoman-2.3.6 media-libs/exempi/Manifest | 1 + media-libs/exempi/exempi-2.4.5.ebuild | 52 +++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+)}
GLSA Vote: No Cleanup will happen in bug 650714
