CVE-2017-18235

Priority
Description
An issue was discovered in Exempi before 2.4.3. The VPXChunk class in
XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero
widths and heights, which allows remote attackers to cause a denial of
service (assertion failure and application exit) via a crafted .webp file.
Notes
leosilvacouldn't reproduce in trusty, xenial, artful and bionic.
mdeslaurtrusty and xenial have no WEBP support
Package
Upstream:released (2.4.3-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Patches:
Upstream:https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4
More Information

Updated: 2020-09-10 05:38:40 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)