Ubuntu update for exempi



Published: 2022-06-17
Risk High
Patch available YES
Number of vulnerabilities 22
CVE-ID CVE-2018-12648
CVE-2021-36045
CVE-2021-36046
CVE-2021-36047
CVE-2021-36048
CVE-2021-36050
CVE-2021-36051
CVE-2021-36052
CVE-2021-36053
CVE-2021-36054
CVE-2021-36055
CVE-2021-36056
CVE-2021-36058
CVE-2021-36064
CVE-2021-39847
CVE-2021-40716
CVE-2021-40732
CVE-2021-42528
CVE-2021-42529
CVE-2021-42530
CVE-2021-42531
CVE-2021-42532
CWE-ID CWE-476
CWE-125
CWE-788
CWE-20
CWE-122
CWE-416
CWE-190
CWE-119
CWE-121
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Ubuntu
Operating systems & Components / Operating system

exempi (Ubuntu package)
Operating systems & Components / Operating system package or component

libexempi8 (Ubuntu package)
Operating systems & Components / Operating system package or component

libexempi3 (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 22 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU18936

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12648

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in the WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp file. A remote attacker can use a specially crafted file to perform a denial of service (DoS) attack.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU55940

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36045

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Access of Memory Location After End of Buffer

EUVDB-ID: #VU55942

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36046

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU55944

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36047

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a execute arbitrary code on the target system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU55946

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36048

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a execute arbitrary code on the target system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Heap-based buffer overflow

EUVDB-ID: #VU55947

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36050

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based buffer overflow

EUVDB-ID: #VU55948

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36051

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Access of Memory Location After End of Buffer

EUVDB-ID: #VU55943

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36052

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU55941

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36053

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition. A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the target system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Heap-based buffer overflow

EUVDB-ID: #VU55949

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36054

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and cause a denial of service condition on the target system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU55950

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36055

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error. A remote attacker can perform a denial of service (DoS) attack.


Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU55951

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36056

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error. A remote attacker can perform a denial of service (DoS) attack.


Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Integer overflow

EUVDB-ID: #VU55954

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36058

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU55953

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36064

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Stack-based buffer overflow

EUVDB-ID: #VU64465

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-39847

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the XMP Toolkit SDK. A local unauthenticated attacker can trick the victim into opening a specially crafted file, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU56596

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40716

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU64469

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40732

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in XMP-Toolkit-SDK. A local attacker can trick the victim into opening a specially crafted MXF file to leak data from certain memory locations and cause a local denial of service in the context of the current user.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU57666

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42528

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Stack-based buffer overflow

EUVDB-ID: #VU57667

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42529

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Stack-based buffer overflow

EUVDB-ID: #VU57668

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42530

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Stack-based buffer overflow

EUVDB-ID: #VU57669

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42531

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Stack-based buffer overflow

EUVDB-ID: #VU57670

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42532

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package exempi to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 22.04

exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1

libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1

External links

http://ubuntu.com/security/notices/USN-5483-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###