Debian LTS: DLA-3585-1: exempi security update
Summary
CVE-2020-18651
A Buffer Overflow vulnerability was found
in function ID3_Support::ID3v2Frame::getFrameValue
that allows remote attackers to cause a denial of service.
CVE-2020-18652
A Buffer Overflow vulnerability was found in
WEBP_Support.cpp that allows remote attackers to cause a
denial of service.
CVE-2021-36045
An out-of-bounds read vulnerability was found
that could lead to disclosure of arbitrary memory.
CVE-2021-36046
A memory corruption vulnerability was found,
potentially resulting in arbitrary code execution
in the context of the current user.
CVE-2021-36047
An Improper Input Validation vulnerability was found,
potentially resulting in arbitrary
code execution in the context of the current user.
CVE-2021-36048
An Improper Input Validation vulnerability was found,
potentially resulting in arbitrary
code execution in the context of the current user.
CVE-2021-36050
A buffer overflow vulnerability was found,
potentially resulting in arbitrary code execution
in the context of the current user.
CVE-2021-36051
A buffer overflow vulnerability was found,
potentially resulting in arbitrary code execution
in the context of the current user.
CVE-2021-36052
A memory corruption vulnerability was found,
potentially resulting in arbitrary code execution
in the context of the current user.
CVE-2021-36053
An out-of-bounds read vulnerability was found
that could lead to disclosure of arbitrary memory.
CVE-2021-36054
A buffer overflow vulnerability was found, potentially
resulting in local application denial of service.
CVE-2021-36055
A use-after-free vulnerability was found that could
result in arbitrary code execution.
CVE-2021-36056
A buffer overflow vulnerability was found, potentially
resulting in arbitrary code execution in the context of
the current user.
CVE-2021-36057
A write-what-where condition vulnerability was found,
caused during the application's memory allocation process.
This may cause the memory management functions to become
mismatched resulting in local application denial of service
in the context of the current user.
CVE-2021-36058
An Integer Overflow vulnerability was found, potentially
resulting in application-level denial of service in the
context of the current user.
CVE-2021-36064
A Buffer Underflow vulnerability was found which
could result in arbitrary code execution in the context
of the current user.
CVE-2021-39847
A stack-based buffer overflow vulnerability was found,
potentially resulting in arbitrary code execution in the
context of the current user.
CVE-2021-40716
An out-of-bounds read vulnerability was found that
could lead to disclosure of sensitive memory.
CVE-2021-40732
A null pointer dereference vulnerability was found
that could result in leaking data from certain memory
locations and causing a local denial of service.
CVE-2021-42528
A Null pointer dereference vulnerability was found
when parsing a specially crafted file. An unauthenticated attacker
could leverage this vulnerability to achieve an application
denial-of-service in the context of the current user.
CVE-2021-42529
A stack-based buffer overflow vulnerability was found,
potentially resulting in arbitrary code execution
in the context of the current user.
CVE-2021-42530
A stack-based buffer overflow vulnerability was found,
potentially resulting in arbitrary code execution in the
context of the current user.
CVE-2021-42531
A stack-based buffer overflow vulnerability was found,
potentially resulting in arbitrary code execution in
the context of the current user.
CVE-2021-42532
A stack-based buffer overflow vulnerability was found,
potentially resulting in arbitrary code execution in the
context of the current user.
For Debian 10 buster, these problems have been fixed in version
2.5.0-2+deb10u1.
We recommend that you upgrade your exempi packages.
For the detailed security status of exempi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/exempi
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS