CVE-2018-7728

Published: 06/03/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in Exempi up to and including 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.

Vulnerable Product

exempi project exempi

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 17.10

debian debian linux 7.0

Vendor Advisories

Debian Bug report logs - #892782: CVE-2018-7728 / CVE-2018-7729 / CVE-2018-7730 / CVE-2018-7731. Package: libexempi3; Maintainer for libexempi3 is Michael Biebl <biebl@debian.org>; Source for libexempi3 is src:exempi. Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Mon, 12 Mar 2018 20:15:05 ...
Exempi could be made to crash or run programs if it opened a specially crafted file ...
An out-of-bounds read vulnerability has been discovered in Exempi in the way it handles Extensible Metadata Platform (XMP) data in TIFF images. An attacker could cause a denial of service by convincing a user to open a crafted TIFF image file ...