Bugzilla – Bug 1098946
VUL-1: CVE-2018-12648: exempi: The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.
Last modified: 2019-06-27 14:40:10 UTC
CVE-2018-12648

The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12648
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12648.html
https://bugs.freedesktop.org/show_bug.cgi?id=106981
Created attachment 775143
1-poc-data-null-pointer

QA REPRODUCER:

exempi -x -o out 1-poc-data-null-pointer

should not segfault
exempi 2.4 is affected (SLE15)
exempi 2.2 and older are not affected (do not have WEBP support)
SUSE-SU-2019:1603-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1098946
CVE References: CVE-2018-12648
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): exempi-2.4.5-3.3.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): exempi-2.4.5-3.3.2
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src): exempi-2.4.5-3.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 (src): exempi-2.4.5-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1657-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1098946
CVE References: CVE-2018-12648
Sources used:
openSUSE Leap 15.1 (src): exempi-2.4.5-lp151.3.3.1
released
openSUSE-SU-2019:1649-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1098946
CVE References: CVE-2018-12648
Sources used:
openSUSE Leap 15.0 (src): exempi-2.4.5-lp150.2.3.1