Risk | High |
Patch available | YES |
Number of vulnerabilities | 22 |
CVE-ID | CVE-2018-12648 CVE-2021-36045 CVE-2021-36046 CVE-2021-36047 CVE-2021-36048 CVE-2021-36050 CVE-2021-36051 CVE-2021-36052 CVE-2021-36053 CVE-2021-36054 CVE-2021-36055 CVE-2021-36056 CVE-2021-36058 CVE-2021-36064 CVE-2021-39847 CVE-2021-40716 CVE-2021-40732 CVE-2021-42528 CVE-2021-42529 CVE-2021-42530 CVE-2021-42531 CVE-2021-42532 |
CWE-ID | CWE-476 CWE-125 CWE-788 CWE-20 CWE-122 CWE-416 CWE-190 CWE-119 CWE-121 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system exempi (Ubuntu package) Operating systems & Components / Operating system package or component libexempi8 (Ubuntu package) Operating systems & Components / Operating system package or component libexempi3 (Ubuntu package) Operating systems & Components / Operating system package or component |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
EUVDB-ID: #VU18936
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12648
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in the WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp file. A remote attacker can use a specially crafted file to perform a denial of service (DoS) attack.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55940
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36045
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55942
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36046
CWE-ID:
CWE-788 - Access of Memory Location After End of Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55944
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36047
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a execute arbitrary code on the target system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55946
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36048
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a execute arbitrary code on the target system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55947
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36050
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55948
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36051
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55943
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36052
CWE-ID:
CWE-788 - Access of Memory Location After End of Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55941
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36053
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the target system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55949
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36054
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and cause a denial of service condition on the target system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55950
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36055
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can perform a denial of service (DoS) attack.
Update the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55951
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36056
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can perform a denial of service (DoS) attack.
Update the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55954
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36058
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55953
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36064
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64465
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39847
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the XMP Toolkit SDK. A local unauthenticated attacker can trick the victim into opening a specially crafted file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56596
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-40716
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64469
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-40732
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in XMP-Toolkit-SDK. A local attacker can trick the victim into opening a specially crafted MXF file to leak data from certain memory locations and cause a local denial of service in the context of the current user.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57666
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42528
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57667
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42529
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57668
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42530
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57669
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42531
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57670
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42532
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package exempi to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
exempi (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi8 (Ubuntu package): before 2.5.2-1ubuntu0.22.04.1
libexempi3 (Ubuntu package): before 2.4.5-2ubuntu0.1
External linkshttp://ubuntu.com/security/notices/USN-5483-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.