exempi-2.4.5-4.el8

エラータID: AXSA:2024-8237:01

Release date: 
Saturday, June 15, 2024 - 04:21
Subject: 
exempi-2.4.5-4.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Exempi provides a library for easy parsing of XMP metadata.

Security Fix(es):

* exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651)
* exempi: denial of service via opening of crafted webp file (CVE-2020-18652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.10 Release Notes linked from the References section.

CVE-2020-18651
Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.
CVE-2020-18652
Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.

Solution: 

Update packages.

CVEs: 
CVE-2020-18651
Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.
CVE-2020-18652
Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.
Additional Info: 

N/A

Download: 

SRPMS
  1. exempi-2.4.5-4.el8.src.rpm
    MD5: 01ddcb0f44b7d834000f91b90e3bf7bd
    SHA-256: 026e09de404a0a86cfb584f64903c1e1c8a306a4eb4212f8abe9273ac343a9bd
    Size: 3.46 MB

Asianux Server 8 for x86_64
  1. exempi-2.4.5-4.el8.i686.rpm
    MD5: b1086b0b14b1dbb91362c38d0e99d84b
    SHA-256: a54bad3449326f47f9911d426c72fbd98f9dce56e01192f7014f738d6a7c7d0c
    Size: 690.44 kB
  2. exempi-2.4.5-4.el8.x86_64.rpm
    MD5: a26a054c0ab5b74d549a88992ab8211d
    SHA-256: d34bd2bb3b5bfea9254d3fa019f917772d6716f35955660213cb8f398c206a7e
    Size: 637.10 kB
  3. exempi-devel-2.4.5-4.el8.i686.rpm
    MD5: 17b4f3017d8d0b836c499f841e2dce6e
    SHA-256: fb0574f76c04befb81a31d082e0740026887bfe3ad9a863d723ff9b436b5205a
    Size: 22.11 kB
  4. exempi-devel-2.4.5-4.el8.x86_64.rpm
    MD5: 031cef737c54bf43132126f28e1e6e19
    SHA-256: 4ec7b9a5a23aea4b31523f705391799175f756ca54c9e2edd585fc49528994ea
    Size: 22.09 kB