exempi-tools-2.5.2-1.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10745 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z exempi-tools-2.5.2-1.3 on GA media These are all security issues fixed in the exempi-tools-2.5.2-1.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10745 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10745 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-12648/ SUSE CVE CVE-2018-12648 page https://www.suse.com/security/cve/CVE-2018-7728/ SUSE CVE CVE-2018-7728 page https://www.suse.com/security/cve/CVE-2018-7729/ SUSE CVE CVE-2018-7729 page https://www.suse.com/security/cve/CVE-2018-7730/ SUSE CVE CVE-2018-7730 page https://www.suse.com/security/cve/CVE-2018-7731/ SUSE CVE CVE-2018-7731 page openSUSE Tumbleweed exempi-tools-2.5.2-1.3 libexempi-devel-2.5.2-1.3 libexempi8-2.5.2-1.3 libexempi8-32bit-2.5.2-1.3 exempi-tools-2.5.2-1.3 as a component of openSUSE Tumbleweed libexempi-devel-2.5.2-1.3 as a component of openSUSE Tumbleweed libexempi8-2.5.2-1.3 as a component of openSUSE Tumbleweed libexempi8-32bit-2.5.2-1.3 as a component of openSUSE Tumbleweed The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. CVE-2018-12648 openSUSE Tumbleweed:exempi-tools-2.5.2-1.3 openSUSE Tumbleweed:libexempi-devel-2.5.2-1.3 openSUSE Tumbleweed:libexempi8-2.5.2-1.3 openSUSE Tumbleweed:libexempi8-32bit-2.5.2-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12648.html CVE-2018-12648 https://bugzilla.suse.com/1098946 SUSE Bug 1098946 An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. CVE-2018-7728 openSUSE Tumbleweed:exempi-tools-2.5.2-1.3 openSUSE Tumbleweed:libexempi-devel-2.5.2-1.3 openSUSE Tumbleweed:libexempi8-2.5.2-1.3 openSUSE Tumbleweed:libexempi8-32bit-2.5.2-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7728.html CVE-2018-7728 https://bugzilla.suse.com/1085297 SUSE Bug 1085297 https://bugzilla.suse.com/1085585 SUSE Bug 1085585 An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. CVE-2018-7729 openSUSE Tumbleweed:exempi-tools-2.5.2-1.3 openSUSE Tumbleweed:libexempi-devel-2.5.2-1.3 openSUSE Tumbleweed:libexempi8-2.5.2-1.3 openSUSE Tumbleweed:libexempi8-32bit-2.5.2-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7729.html CVE-2018-7729 https://bugzilla.suse.com/1085296 SUSE Bug 1085296 https://bugzilla.suse.com/1085585 SUSE Bug 1085585 An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. CVE-2018-7730 openSUSE Tumbleweed:exempi-tools-2.5.2-1.3 openSUSE Tumbleweed:libexempi-devel-2.5.2-1.3 openSUSE Tumbleweed:libexempi8-2.5.2-1.3 openSUSE Tumbleweed:libexempi8-32bit-2.5.2-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7730.html CVE-2018-7730 https://bugzilla.suse.com/1085295 SUSE Bug 1085295 https://bugzilla.suse.com/1085585 SUSE Bug 1085585 https://bugzilla.suse.com/1103718 SUSE Bug 1103718 An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class. CVE-2018-7731 openSUSE Tumbleweed:exempi-tools-2.5.2-1.3 openSUSE Tumbleweed:libexempi-devel-2.5.2-1.3 openSUSE Tumbleweed:libexempi8-2.5.2-1.3 openSUSE Tumbleweed:libexempi8-32bit-2.5.2-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7731.html CVE-2018-7731 https://bugzilla.suse.com/1085294 SUSE Bug 1085294 https://bugzilla.suse.com/1085585 SUSE Bug 1085585