An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Exempi | Exempi_project | * | 2.4.4 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | exempi-0:2.2.0-9.el7 | * |
| Exempi | Ubuntu | artful | * |
| Exempi | Ubuntu | esm-infra/xenial | * |
| Exempi | Ubuntu | trusty | * |
| Exempi | Ubuntu | upstream | * |
| Exempi | Ubuntu | xenial | * |
References
- https://access.redhat.com/errata/RHSA-2019:2048
- https://bugs.freedesktop.org/show_bug.cgi?id=102484
- https://cgit.freedesktop.org/exempi/commit/?id=fe59605d3520bf2ca4e0a963d194f10e9fee5806
- https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html
- https://usn.ubuntu.com/3668-1/
- https://access.redhat.com/errata/RHSA-2019:2048
- https://bugs.freedesktop.org/show_bug.cgi?id=102484
- https://cgit.freedesktop.org/exempi/commit/?id=fe59605d3520bf2ca4e0a963d194f10e9fee5806
- https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html
- https://usn.ubuntu.com/3668-1/