CVE-2017-18234 (retired)

Priority
Description
An issue was discovered in Exempi before 2.4.3. It allows remote attackers
to cause a denial of service (invalid memcpy with resultant use-after-free)
or possibly have unspecified other impact via a .pdf file containing JPEG
data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp,
XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and
XMPFiles/source/FormatSupport/TIFF_Support.hpp.
Assigned-to
mdeslaur
Notes
leosilvapoc not reproducible in trusty and xenial
Package
Upstream:released (2.4.3-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.2.2-2ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Patches:
Upstream:https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c
More Information

Updated: 2019-10-09 07:59:44 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)