PublicDateAtUSN: 2018-03-15
Candidate: CVE-2017-18233
PublicDate: 2018-03-15 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18233
 https://ubuntu.com/security/notices/USN-3668-1
Description:
 An issue was discovered in Exempi before 2.4.4. Integer overflow in the
 Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote
 attackers to cause a denial of service (infinite loop) via crafted XMP data
 in a .avi file.
Ubuntu-Description:
Notes:
 leosilva> patch doesn't work for old releases that not uses XIO class.
Bugs:
 https://bugs.freedesktop.org/show_bug.cgi?id=102151
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_exempi:
 upstream: https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260
upstream_exempi: released (2.4.4-1)
precise/esm_exempi: DNE
trusty_exempi: released (2.2.1-1ubuntu1.1)
trusty/esm_exempi: DNE (trusty was released [2.2.1-1ubuntu1.1])
xenial_exempi: released (2.2.2-2ubuntu0.1)
esm-infra/xenial_exempi: released (2.2.2-2ubuntu0.1)
artful_exempi: released (2.4.3-1ubuntu1.1)
bionic_exempi: not-affected (2.4.5-2)
devel_exempi: not-affected (2.4.5-2)