INFSA-2024:3066: Exempi security update
Information about definition
Identificator: INFSA-2024:3066
Type: security
Release date: 2024-08-23 18:58:00 UTC
Information about package
Exempi provides a library for easy parsing of XMP metadata.
Vulnerabilities description
- CVE-2020-18651
Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.
- CVE-2020-18652
Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2020-18651
|
no information | 6.5 | no information |
|
NIST — CVE-2020-18652
|
no information | 6.5 | no information |
Updated packages