Synopsis: Low: exempi security update
Advisory ID:       SLSA-2019:2048-1
Issue Date:        2019-08-06
CVE Numbers:       CVE-2018-7730
                   CVE-2017-18233
                   CVE-2017-18238
                   CVE-2017-18236
                   CVE-2017-18234
--

Security Fix(es):

* exempi: Infinite Loop in Chunk class in
XMPFiles/source/FormatSupport/RIFF.cpp (CVE-2017-18233)

* exempi: Use after free via a PDF file containing JPEG data
(CVE-2017-18234)

* exempi: Infinite loop in ASF_Support::ReadHeaderObject function in
XMPFiles/source/FormatSupport/ASF_Support.cpp (CVE-2017-18236)

* exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in
XMPFiles/source/FormatSupport/QuickTime_Support.cpp (CVE-2017-18238)

* exempi: Heap-based buffer overflow in PSD_MetaHandler::CacheFileData
function in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp allows for
denial of service via crafted XLS file (CVE-2018-7730)
--

SL7
  x86_64
    exempi-2.2.0-9.el7.i686.rpm
    exempi-2.2.0-9.el7.x86_64.rpm
    exempi-devel-2.2.0-9.el7.i686.rpm
    exempi-devel-2.2.0-9.el7.x86_64.rpm
    exempi-debuginfo-2.2.0-9.el7.i686.rpm
    exempi-debuginfo-2.2.0-9.el7.x86_64.rpm

- Scientific Linux Development Team