Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 649950 (CVE-2018-7728, CVE-2018-7729, CVE-2018-7730, CVE-2018-7731) - <media-libs/exempi-2.4.5: Multiple vulnerabilities
Summary: <media-libs/exempi-2.4.5: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-7728, CVE-2018-7729, CVE-2018-7730, CVE-2018-7731
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-08 19:54 UTC by GLSAMaker/CVETool Bot
Modified: 2018-04-22 21:07 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-03-08 19:54:28 UTC
CVE-2018-7731 (https://nvd.nist.gov/vuln/detail/CVE-2018-7731):
  An issue was discovered in Exempi through 2.4.4.
  XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a
  bitstream has a NULL value, leading to a NULL pointer dereference in the
  WEBP::VP8XChunk class.

CVE-2018-7730 (https://nvd.nist.gov/vuln/detail/CVE-2018-7730):
  An issue was discovered in Exempi through 2.4.4. A certain case of a
  0xffffffff length is mishandled in
  XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based
  buffer over-read in the PSD_MetaHandler::CacheFileData() function.

CVE-2018-7729 (https://nvd.nist.gov/vuln/detail/CVE-2018-7729):
  An issue was discovered in Exempi through 2.4.4. There is a stack-based
  buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in
  XMPFiles/source/FileHandlers/PostScript_Handler.cpp.

CVE-2018-7728 (https://nvd.nist.gov/vuln/detail/CVE-2018-7728):
  An issue was discovered in Exempi through 2.4.4.
  XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero
  length, leading to a heap-based buffer over-read in the MD5Update() function
  in third-party/zuid/interfaces/MD5.cpp.
Comment 1 Gilles Dartiguelongue gentoo-dev 2018-03-25 21:14:32 UTC
These are supposed to be fixed in 2.4.5 release.
Comment 2 Larry the Git Cow gentoo-dev 2018-03-25 21:33:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b566633d73ffee4a83dd4ed6cf2c411a297b3763

commit b566633d73ffee4a83dd4ed6cf2c411a297b3763
Author:     Gilles Dartiguelongue <eva@gentoo.org>
AuthorDate: 2018-03-25 21:21:23 +0000
Commit:     Gilles Dartiguelongue <eva@gentoo.org>
CommitDate: 2018-03-25 21:32:58 +0000

    media-libs/exempi: version bump to 2.4.5 fixing multiple security issues
    
    Bug: https://bugs.gentoo.org/649950
    Bug: https://bugs.gentoo.org/650714
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 media-libs/exempi/Manifest            |  1 +
 media-libs/exempi/exempi-2.4.5.ebuild | 52 +++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)}
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-04-22 21:07:04 UTC
GLSA Vote: No

Cleanup will happen in bug 650714