Operating System:

[UNIX/Linux][Debian]

Published:

22 March 2018

Protect yourself against future threats.

//Service

Early Warning SMS

Receive SMS notifications for the most critical security threats and vulnerabilities.

Read more
Resources > Security Bulletins > ESB-2018.0818 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0818
                       Debian exempi security update
                               22 March 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           exempi
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service        -- Remote with User Interaction
                   Access Confidential Data -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-7730 CVE-2018-7728 CVE-2017-18238
                   CVE-2017-18236 CVE-2017-18234 CVE-2017-18233

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running exempi check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : exempi
Version        : 2.2.0-1+deb7u1
CVE ID         : CVE-2017-18233 CVE-2017-18234 CVE-2017-18236
                 CVE-2017-18238 CVE-2018-7728 CVE-2018-7730

Various issues were discovered in exempi, a library to parse XMP
metadata that may cause a denial-of-service or may have other
unspecified impact via crafted files.


CVE-2017-18233
    An Integer overflow in the Chunk class in RIFF.cpp allows remote
    attackers to cause a denial of service (infinite loop) via crafted
    XMP data in an .avi file.

CVE-2017-18234
    An issue was discovered that allows remote attackers to cause a
    denial of service (invalid memcpy with resultant use-after-free)
    or possibly have unspecified other impact via a .pdf file containing
    JPEG data.

CVE-2017-18236
    The ASF_Support::ReadHeaderObject function in ASF_Support.cpp allows
    remote attackers to cause a denial of service (infinite loop) via a
    crafted .asf file.

CVE-2017-18238
    The TradQT_Manager::ParseCachedBoxes function in
    QuickTime_Support.cpp allows remote attackers to cause
    a denial of service (infinite loop) via crafted XMP data in
    a .qt file.

CVE-2018-7728
   TIFF_Handler.cpp mishandles a case of a zero length, leading to a
   heap-based buffer over-read in the MD5Update() function in
   MD5.cpp.

CVE-2018-7730
    A certain case of a 0xffffffff length is mishandled in
    PSIR_FileWriter.cpp, leading to a heap-based buffer over-read
    in the PSD_MetaHandler::CacheFileData() function.

For Debian 7 "Wheezy", these problems have been fixed in version
2.2.0-1+deb7u1.

We recommend that you upgrade your exempi packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqyqUtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQckQ//X7YeaIdTiyms624u5vpcDmB9IEE/P/6ujdN439RHzEEgR3NFSTMw1HiI
9oFhY5S0Wl8QRdfUUWZJZMvPoGjo7Uo1YABQC8pLMmIP8CJjK3vAaVE7jVeSOtnV
l3X8jmboCtSB46ijsGCzSeSVEilyzwNh0U8o4MWSIUwnebaIKZ4ZPmRTR/M7iRVp
+lVFugodF0uhCB7WrjfZdlavr5r1hy7bhwmSLEvlECHw/rGyMOZNE9AFGJareqsl
4CQwuZuSXl4DRsGtJCWs/CIO7LHKRUqMePBDGyBYqHv7jwRasoo1K6jQgCHrlEqQ
jagUEEubH1ydw1/udlYwkfixk42j25JhzEbfyymzfxV7Nk0WV3o68/FQa3+Jpvre
U20KhFaEITd6ORwHkBeC8gquk92P+b7hFwYj0ovyV4LQukKzIHoYc3dt0nV7eb0+
uaKnWxIszMqucea2E98bfEtTEt6VczRSFdqzH6+PAzq0i6Sv5qg4sEERd3MjvFsn
Tq5L+rMrScQyI0fbhy4Sei5TAYquBA8KP0VxmXhkkAfnSyIH+5waLeexPpgi5oX9
ShIGEjLnsG1bt4CCPe5lNzhzNE4fZIsc7mff0iwgoXYA4TIsZwgTBXFQS5SV3wDb
npngL7fZ/tJ0QVySxIx8v3YddqF0EL7MWDeBsOtfN3vq/VZCASk=
=DW/l
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWrNOg4x+lLeg9Ub1AQiNfg//Rxe2+yAMskNqdfUPHgsfMeNjdtu3quiB
vJ6SMSRAzZ0ctifTKu2NlaPhHZbdPtW4lkGMhAJ3TamfNpRBblJMBsxBl63iG6Ey
YWu+f0CzZND1NL6bKxfY5YIgSXtGznNB0F05d1eQxBVeqmxl7rVPLq+/stXBhNev
to5Ezu5zZl55odRiqD5osAD9gOo71RzSDeqaRuHAkYqLlrXf42gov3ssSqg39Tyr
3pixrX3G9hOHCsJdMANT6wyEXBBpgxKDxBot1b1QHwpwfsaSMljE+VK35IPDJVRT
OGAj8K15KJK96hwyszaAyAV+YnVw1xw0f+JndGNBnJ6uBKB9PAIrS6dsZtWNvjrK
XyrOhl2oNaLESd+bopKvII0Oq9AsoQHXsejObVwr8rUh9w5eCWHDO5jgF9GKYapZ
pwbDRkxrzMoWR4YIJbz694NsXip514Ht2cXzX0ehJcMWxDRM4ideYb36SJ94bilV
mkrfaDf9B/WQG2p6sZxXs6CLJ9v5sngKAwlNKoTjeFuLqu8+dLVIp1Wvt3r3dAJx
W5oCzhW5DGoal/4CSd1eT8ns1xTxdDuPMKE9BHdtDfkhxCzKNjq8/JI+PoQuD1nD
UNDRoDh1jO9Pz9bFkJGbW1VGX3SZZRdAXCaKWaONwk6H0OcXKUCoe4gbgOzUPOg/
E+A0KYngCGA=
=7z6x
-----END PGP SIGNATURE-----