Synopsis: Low: exempi security update Advisory ID: SLSA-2019:2048-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-7730 CVE-2017-18233 CVE-2017-18238 CVE-2017-18236 CVE-2017-18234 -- Security Fix(es): * exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp (CVE-2017-18233) * exempi: Use after free via a PDF file containing JPEG data (CVE-2017-18234) * exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp (CVE-2017-18236) * exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp (CVE-2017-18238) * exempi: Heap-based buffer overflow in PSD_MetaHandler::CacheFileData function in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp allows for denial of service via crafted XLS file (CVE-2018-7730) -- SL7 x86_64 exempi-2.2.0-9.el7.i686.rpm exempi-2.2.0-9.el7.x86_64.rpm exempi-devel-2.2.0-9.el7.i686.rpm exempi-devel-2.2.0-9.el7.x86_64.rpm exempi-debuginfo-2.2.0-9.el7.i686.rpm exempi-debuginfo-2.2.0-9.el7.x86_64.rpm - Scientific Linux Development Team