
Test ID: 1.3.6.1.4.1.25623.1.1.10.2018.0239
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2018-0239)
Summary: The remote host is missing an update for the 'exempi' package(s) announced via the MGASA-2018-0239 advisory.
Description:
Summary:
The remote host is missing an update for the 'exempi' package(s) announced via the MGASA-2018-0239 advisory.

Vulnerability Insight:
An issue was discovered in Exempi through 2.4.4. There is a stack-based
buffer over-read in the PostScript_MetaHandler::ParsePSFile() function
in PostScript_Handler.cpp (CVE-2018-7729).

An issue was discovered in Exempi through 2.4.4. WEBP_Support.cpp does
not check whether a bitstream has a NULL value, leading to a NULL
pointer dereference in the WEBP::VP8XChunk class (CVE-2018-7731).

An issue was discovered in Exempi before 2.4.4. Integer overflow in the
Chunk class in RIFF.cpp allows remote attackers to cause a denial of
service (infinite loop) via crafted XMP data in a .avi file
(CVE-2017-18233).

An issue was discovered in Exempi before 2.4.3. It allows remote
attackers to cause a denial of service (invalid memcpy with resultant
use-after-free) or possibly have unspecified other impact via a .pdf
file containing JPEG data, related to ReconcileTIFF.cpp,
TIFF_MemoryReader.cpp, and TIFF_Support.hpp (CVE-2017-18234).

An issue was discovered in Exempi before 2.4.3. The VPXChunk class in
WEBP_Support.cpp does not ensure nonzero widths and heights, which
allows remote attackers to cause a denial of service (assertion failure
and application exit) via a crafted .webp file (CVE-2017-18235).

An issue was discovered in Exempi before 2.4.4. The
ASF_Support::ReadHeaderObject function in ASF_Support.cpp allows remote
attackers to cause a denial of service (infinite loop) via a crafted
.asf file (CVE-2017-18236).

An issue was discovered in Exempi before 2.4.3. The
PostScript_Support::ConvertToDate function in PostScript_Support.cpp
allows remote attackers to cause a denial of service (invalid pointer
dereference and application crash) via a crafted .ps file
(CVE-2017-18237).

Affected Software/OS:
'exempi' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2017-18233
https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html
RedHat Security Advisories: RHSA-2019:2048
https://access.redhat.com/errata/RHSA-2019:2048
https://usn.ubuntu.com/3668-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-18234
Common Vulnerability Exposure (CVE) ID: CVE-2017-18235
Common Vulnerability Exposure (CVE) ID: CVE-2017-18236
Common Vulnerability Exposure (CVE) ID: CVE-2017-18237
Common Vulnerability Exposure (CVE) ID: CVE-2018-7729
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV/
https://bugs.freedesktop.org/show_bug.cgi?id=105206
https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c
Common Vulnerability Exposure (CVE) ID: CVE-2018-7731
https://bugs.freedesktop.org/show_bug.cgi?id=105247
https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.