Aggregates CVE and security vulnerability intelligence across all exempi_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption, vendor risk buffer overflow, and vendor risk input validation and related problems; some flaws may lead to vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-18652 | Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. | [email protected] | 6.5 | 2.16% | 2023-08-22 | 2024-11-21 |
| CVE-2020-18651 | Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. | [email protected] | 6.5 | 2.23% | 2023-08-22 | 2024-11-21 |
| CVE-2018-12648 | The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. | [email protected] | 7.5 | 0.46% | 2018-06-22 | 2024-11-21 |
| CVE-2017-18238 | An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file. | [email protected] | 5.5 | 0.52% | 2018-03-15 | 2024-11-21 |
| CVE-2017-18237 | An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file. | [email protected] | 5.5 | 0.40% | 2018-03-15 | 2024-11-21 |
| CVE-2017-18236 | An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. | [email protected] | 5.5 | 0.87% | 2018-03-15 | 2024-11-21 |
| CVE-2017-18235 | An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file. | [email protected] | 5.5 | 0.41% | 2018-03-15 | 2024-11-21 |
| CVE-2017-18234 | An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp. | [email protected] | 7.8 | 0.62% | 2018-03-15 | 2024-11-21 |
| CVE-2017-18233 | An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file. | [email protected] | 5.5 | 0.55% | 2018-03-15 | 2024-11-21 |
| CVE-2018-7731 | An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class. | [email protected] | 5.5 | 0.40% | 2018-03-06 | 2024-11-21 |
| CVE-2018-7730 | An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. | [email protected] | 5.5 | 0.11% | 2018-03-06 | 2024-11-21 |
| CVE-2018-7729 | An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. | [email protected] | 5.5 | 0.34% | 2018-03-06 | 2024-11-21 |
| CVE-2018-7728 | An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. | [email protected] | 5.5 | 0.50% | 2018-03-06 | 2024-11-21 |