Mageia Bugzilla – Attachment 10148 Details for
Bug 22871
exempi new security issues CVE-2018-7729, CVE-2018-7731, and CVE-2017-1823[3-7]
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
Reproducer tests for various CVEs after the update
afterwards (text/plain), 2.29 KB, created by
Len Lawrence
on 2018-05-14 00:18:04 CEST
(
hide
)
Description:
Reproducer tests for various CVEs after the update
Filename:
MIME Type:
Creator:
Len Lawrence
Created:
2018-05-14 00:18:04 CEST
Size:
2.29 KB
patch
obsolete
>CVE-2018-7729 better >Reproducer tests for various CVEs after the update. > >CVE-2018-7729 better >$ exempi -x exempi-PostScript_Handler-888-overflow >processing file exempi-PostScript_Handler-888-overflow >dump_xmp for file exempi-PostScript_Handler-888-overflow ><x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.5.0"> > <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> > <rdf:Description rdf:about="" > xmlns:xmp="http://ns.adobe.com/xap/1.0/"> > <xmp:CreatorTool>Adobe Illustrator(R) 12</xmp:CreatorTool> > </rdf:Description> > </rdf:RDF> ></x:xmpmeta> > >CVE-2018-7731 = >$ exempi -x exempi-WEBP_Support-123-SEGV >processing file exempi-WEBP_Support-123-SEGV >dump_xmp for file exempi-WEBP_Support-123-SEGV > >CVE-2017-18233 better >$ exempi -x inf-loop.avi >processing file inf-loop.avi >dump_xmp for file inf-loop.avi > >CVE-2017-18234 = >$ exempi -x crash.pdf >processing file crash.pdf >dump_xmp for file crash.pdf ><x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.5.0"> > <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> > <rdf:Description rdf:about=""/> > </rdf:RDF> ></x:xmpmeta> > >CVE-2017-18235 = >$ exempi -x assert.webp >processing file assert.webp >dump_xmp for file assert.webp > >CVE-2017-18236 better >$ exempi -x inf-loop.asf >processing file inf-loop.asf >dump_xmp for file inf-loop.asf ><x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.5.0"> > <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> > <rdf:Description rdf:about="" > xmlns:xmp="http://ns.adobe.com/xap/1.0/" > xmlns:asf="http://ns.adobe.com/asf/1.0/"> > <xmp:CreateDate>1601-01-01T00:00Z</xmp:CreateDate> > <asf:NativeDigest>D41D8CD98F00B204E9800998ECF8427E</asf:NativeDigest> > </rdf:Description> > </rdf:RDF> ></x:xmpmeta> > >CVE-2017-18237 better >$ exempi -x convertodate.ps >processing file convertodate.ps >dump_xmp for file convertodate.ps ><x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.5.0"> > <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> > <rdf:Description rdf:about=""/> > </rdf:RDF> ></x:xmpmeta> > >Several of these results are "better" in the sense that more information is provided and infinite loops are broken. "=" signifies that there is no change in the output message. On the whole these test indicate that the patches are effective.
CVE-2018-7729 better Reproducer tests for various CVEs after the update. CVE-2018-7729 better $ exempi -x exempi-PostScript_Handler-888-overflow processing file exempi-PostScript_Handler-888-overflow dump_xmp for file exempi-PostScript_Handler-888-overflow <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.5.0"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/"> <xmp:CreatorTool>Adobe Illustrator(R) 12</xmp:CreatorTool> </rdf:Description> </rdf:RDF> </x:xmpmeta> CVE-2018-7731 = $ exempi -x exempi-WEBP_Support-123-SEGV processing file exempi-WEBP_Support-123-SEGV dump_xmp for file exempi-WEBP_Support-123-SEGV CVE-2017-18233 better $ exempi -x inf-loop.avi processing file inf-loop.avi dump_xmp for file inf-loop.avi CVE-2017-18234 = $ exempi -x crash.pdf processing file crash.pdf dump_xmp for file crash.pdf <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.5.0"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta> CVE-2017-18235 = $ exempi -x assert.webp processing file assert.webp dump_xmp for file assert.webp CVE-2017-18236 better $ exempi -x inf-loop.asf processing file inf-loop.asf dump_xmp for file inf-loop.asf <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.5.0"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:asf="http://ns.adobe.com/asf/1.0/"> <xmp:CreateDate>1601-01-01T00:00Z</xmp:CreateDate> <asf:NativeDigest>D41D8CD98F00B204E9800998ECF8427E</asf:NativeDigest> </rdf:Description> </rdf:RDF> </x:xmpmeta> CVE-2017-18237 better $ exempi -x convertodate.ps processing file convertodate.ps dump_xmp for file convertodate.ps <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.5.0"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta> Several of these results are "better" in the sense that more information is provided and infinite loops are broken. "=" signifies that there is no change in the output message. On the whole these test indicate that the patches are effective.
View Attachment As Raw
Actions:
View
Attachments on
bug 22871
: 10148