PublicDateAtUSN: 2018-03-06
Candidate: CVE-2018-7731
PublicDate: 2018-03-06 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7731
 https://ubuntu.com/security/notices/USN-3668-1
Description:
 An issue was discovered in Exempi through 2.4.4.
 XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a
 bitstream has a NULL value, leading to a NULL pointer dereference in the
 WEBP::VP8XChunk class.
Ubuntu-Description:
Notes:
 mdeslaur> trust and xenial don't have WEBP support
Bugs:
 https://bugs.freedesktop.org/show_bug.cgi?id=105247
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_exempi:
 upstream: https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666
upstream_exempi: needs-triage
precise/esm_exempi: DNE
trusty_exempi: not-affected (code not present)
trusty/esm_exempi: DNE (trusty was not-affected [code not present])
xenial_exempi: not-affected (code not present)
esm-infra/xenial_exempi: not-affected (code not present)
artful_exempi: released (2.4.3-1ubuntu1.1)
bionic_exempi: not-affected (2.4.5-2)
devel_exempi: not-affected (2.4.5-2)