Hubert Figuière

Name of the Vulnerable Software and Affected Versions: Exempi versions prior to 2.5 Description: An issue was discovered in Exempi. There is a stack-based buffer over-read in the PostScript MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript Handler.cpp. Recommendations: For versions prior to 2.5, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the PostScript MetaHandler::ParsePSFile() function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Exempi versions prior to 2.5 Description: An issue was discovered in Exempi where the XMPFiles/source/FormatSupport/WEBP Support.cpp file does not check whether a bitstream has a NULL value. This leads to a NULL pointer dereference in the WEBP::VP8XChunk class. Recommendations: For Exempi versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the WEBP Support.cpp file until a patch is available.

Name of the Vulnerable Software and Affected Versions: Exempi versions prior to 2.4.5 Description: A heap-based buffer over-read issue occurs due to the mishandling of a certain case of a 0xffffffff length in the PSD MetaHandler::CacheFileData() function. This issue arises in the XMPFiles/source/FormatSupport/PSIR FileWriter.cpp file. Recommendations: For Exempi versions prior to 2.4.5, update to version 2.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the PSD MetaHandler::CacheFileData() function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Exempi versions prior to 2.5 Description: An issue in Exempi allows for a heap-based buffer over-read in the `MD5Update()` function. This occurs due to mishandling of a zero-length case in the TIFF Handler.cpp file. Recommendations: For versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `TIFF Handler.cpp` file until a patch is available.

Name of the Vulnerable Software and Affected Versions: Exempi versions prior to 2.4.3 Description: An issue in the PostScript Support::ConvertToDate function allows remote attackers to cause a denial of service, resulting in an invalid pointer dereference and application crash, via a crafted .ps file. Recommendations: For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of .ps files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Exempi versions prior to 2.4.3 Description: An issue in the VPXChunk class in XMPFiles/source/FormatSupport/WEBP Support.cpp allows remote attackers to cause a denial of service via a crafted .webp file, due to the class not ensuring nonzero widths and heights. This can lead to an assertion failure and application exit. Recommendations: For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of .webp files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Exempi versions prior to 2.4.4 **Description** The issue is related to the ASF Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF Support.cpp, which allows remote attackers to cause a denial of service, potentially through an infinite loop or use-after-free memory issue, via a crafted .asf file. **Recommendations** For versions prior to 2.4.4, update to version 2.4.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ASF Support::ReadHeaderObject function or avoiding the processing of untrusted .asf files until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Exempi versions prior to 2.4.4 **Description** The issue is caused by an integer overflow in the Chunk class. This allows remote attackers to cause a denial of service, specifically an infinite loop, via crafted XMP data in a .avi file. **Recommendations** For versions prior to 2.4.4, update to version 2.4.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted XMP data in .avi files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Exempi versions prior to 2.4.4 **Description** The issue is related to the `TradQT Manager::ParseCachedBoxes` function, which allows remote attackers to cause a denial of service, potentially through an infinite loop or use-after-free error, via crafted XMP data in a .qt file. **Recommendations** For Exempi versions prior to 2.4.4, update to version 2.4.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `TradQT Manager::ParseCachedBoxes` function until a patch is available. Avoid using crafted XMP data in .qt files to minimize the risk of exploitation.