OESA-2023-1690

Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.(CVE-2020-18651)

Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.(CVE-2020-18652)

XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.(CVE-2021-40732)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP3 / exempi

Package

Name: exempi
Purl: pkg:rpm/openEuler/exempi&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.5-5.oe1

Ecosystem specific

{
    "src": [
        "exempi-2.4.5-5.oe1.src.rpm"
    ],
    "x86_64": [
        "exempi-debuginfo-2.4.5-5.oe1.x86_64.rpm",
        "exempi-devel-2.4.5-5.oe1.x86_64.rpm",
        "exempi-debugsource-2.4.5-5.oe1.x86_64.rpm",
        "exempi-2.4.5-5.oe1.x86_64.rpm",
        "exempi-help-2.4.5-5.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "exempi-help-2.4.5-5.oe1.aarch64.rpm",
        "exempi-debuginfo-2.4.5-5.oe1.aarch64.rpm",
        "exempi-debugsource-2.4.5-5.oe1.aarch64.rpm",
        "exempi-devel-2.4.5-5.oe1.aarch64.rpm",
        "exempi-2.4.5-5.oe1.aarch64.rpm"
    ]
}