Information on source package exempi

Available versions

Release	Version
jessie	2.2.1-2
stretch	2.4.1-1+deb9u2
buster	2.5.0-2
buster (security)	2.5.0-2+deb10u1
bullseye	2.5.2-1
bookworm	2.6.3-1
trixie	2.6.5-1
sid	2.6.5-1

Open issues

Bug	jessie	stretch	buster	bullseye	bookworm	trixie	sid	Description
CVE-2021-42532	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...
CVE-2021-42531	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...
CVE-2021-42530	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...
CVE-2021-42529	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...
CVE-2021-42528	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer derefe ...
CVE-2021-40732	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...
CVE-2021-40716	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out- ...
CVE-2021-39847	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-ba ...
CVE-2021-36064	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Under ...
CVE-2021-36058	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...
CVE-2021-36057	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-wh ...
CVE-2021-36056	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...
CVE-2021-36055	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-af ...
CVE-2021-36054	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...
CVE-2021-36053	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...
CVE-2021-36052	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...
CVE-2021-36051	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...
CVE-2021-36050	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...
CVE-2021-36048	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...
CVE-2021-36047	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...
CVE-2021-36046	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...
CVE-2021-36045	vulnerable	fixed	fixed	vulnerable (no DSA)	fixed	fixed	fixed	XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...
CVE-2020-18652	vulnerable	fixed	fixed	fixed	fixed	fixed	fixed	Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and ...
CVE-2020-18651	vulnerable	fixed	fixed	fixed	fixed	fixed	fixed	Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::get ...
CVE-2018-12648	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	fixed	The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Suppo ...
CVE-2018-7730	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	fixed	An issue was discovered in Exempi through 2.4.4. A certain case of a 0 ...
CVE-2018-7729	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	fixed	An issue was discovered in Exempi through 2.4.4. There is a stack-base ...
CVE-2018-7728	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	fixed	An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileH ...
CVE-2017-18238	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	fixed	An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::Pa ...
CVE-2017-18237	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	fixed	An issue was discovered in Exempi before 2.4.3. The PostScript_Support ...
CVE-2017-18236	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	fixed	An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadH ...
CVE-2017-18235	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	fixed	An issue was discovered in Exempi before 2.4.3. The VPXChunk class in ...
CVE-2017-18234	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	fixed	An issue was discovered in Exempi before 2.4.3. It allows remote attac ...
CVE-2017-18233	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	fixed	An issue was discovered in Exempi before 2.4.4. Integer overflow in th ...

Resolved issues

Bug	Description
TEMP-0454297-EACDD7	exempi buffer overflow in GIF ReadHeader() function
CVE-2018-7731	An issue was discovered in Exempi through 2.4.4. XMPFiles/source/Forma ...

Security announcements

DSA / DLA	Description
ELA-972-1	exempi - security update
DLA-3585-1	exempi - security update
ELA-758-1	exempi - security update
DLA-1310-1	exempi - security update