SB2018032321 - Fedora 27 update for exempi

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018032321

SB2018032321 - Fedora 27 update for exempi

Published: March 23, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018032321
Severity
Low
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Heap-based buffer over-read (CVE-ID: CVE-2018-7728)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness in the MD5Update() function is due to heap-based buffer over-read. A local attacker can submit a specially crafted file, trigger memory corruption and cause the service to crash.

2) Heap-based buffer overflow (CVE-ID: CVE-2018-7729)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the PostScript_MetaHandler::ParsePSFile() function due to heap-based buffer overflow. A local attacker can send a specially crafted file, trigger memory corruption and cause the service to crash.

3) Heap-based buffer over-read (CVE-ID: CVE-2018-7730)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness in the PSD_MetaHandler::CacheFileData() function is due to heap-based buffer over-read. A local attacker can submit a specially crafted .xls file, trigger memory corruption and cause the service to crash.

4) NULL pointer dereference (CVE-ID: CVE-2018-7731)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the WEBP::VP8XChunk::VP8XChunk() function due to NULL pointer dereference. A local attacker can submit a specially crafted file, trigger memory corruption and cause the service to crash.

5) Memory corruption (CVE-ID: CVE-2017-18233)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the Chunk class in the source code file XMPFiles/source/FormatSupport/RIFF.cpp due to integer overflow and infinite loop when handling Extensible Metadata Platform (XMP) data in .avifiles. A remote attacker can trick the victim into accessing a specially crafted .avi file, trigger memory corruption and cause the service to crash.

6) Infinite loop (CVE-ID: CVE-2017-18236)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the ASF_Support::ReadHeaderObject function in the source code file XMPFiles/source/FormatSupport/ASF_Support.cpp due to infinite loop when handling .asf files. A remote attacker can trick the victim into accessing a specially crafted .asf file and cause the service to crash.

7) Use-after-free error (CVE-ID: CVE-2017-18234)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to improper processing of a file that contains JPEG data related to the XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp and XMPFiles/source/FormatSupport/TIFF_Support.hpp source code files. A remote attacker can trick the victim into accessing a file that contains customized JPEG data that submits malicious input, trigger use after free and cause the service to crash.


8) Improper input validation (CVE-ID: CVE-2017-18235)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the VPXChunk class defined in the source code file XMPFiles/source/FormatSupport/WEBP_Support.cpp due to insufficient sanitization of "0" values passed to height() or width() by the affected software when handling .webq files. A remote attacker can trick the victim into opening a specially crafted .webq file, trigger memory assertion error and cause the service to crash.


9) NULL pointer dereference (CVE-ID: CVE-2017-18237)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the PostScript_Support::ConvertToDate function in the source code file XMPFiles/source/FormatSupport/PostScript_Support.cpp due to invalid pointer dereference when handling PostScript (.ps) files. A remote attacker can trick the victim into accessing a specially crafted .ps file and cause the service to crash.

Remediation

Install update from vendor's website.

References