CVE-2017-18235

Name of the Vulnerable Software and Affected Versions: Exempi versions prior to 2.4.3

Description: An issue in the VPXChunk class in XMPFiles/source/FormatSupport/WEBP Support.cpp allows remote attackers to cause a denial of service via a crafted .webp file, due to the class not ensuring nonzero widths and heights. This can lead to an assertion failure and application exit.

Recommendations: For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of .webp files from untrusted sources to minimize the risk of exploitation.