Published: 06/03/2018 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An issue exists in Exempi up to and including 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.

Vulnerable Product	Search on Vulmon	Subscribe to Product
exempi project exempi
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 17.10

Debian Bug report logs - #892782 CVE-2018-7728 / CVE-2018-7729 / CVE-2018-7730 / CVE-2018-7731 Package: libexempi3; Maintainer for libexempi3 is Michael Biebl <biebl@debianorg>; Source for libexempi3 is src:exempi (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 12 Mar 2018 20:15:05 ...

Exempi could be made to crash or run programs if it opened a specially crafted file ...

An issue was discovered in Exempi through 244 XMPFiles/source/FormatSupport/WEBP_Supportcpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class ...

CWE-476 https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666 https://bugs.freedesktop.org/show_bug.cgi?id=105247 https://usn.ubuntu.com/3668-1/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892782 https://usn.ubuntu.com/3668-1/https://nvd.nist.gov

CVE-2018-7731

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect