Ubuntu has issued an advisory on June 16: https://ubuntu.com/security/notices/USN-5483-1 Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Patches available from Ubuntu
Suggested advisory: ======================== The updated packages fix security vulnerabilities: XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-36045) XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVE-2021-36046) XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-36047) XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-36048) XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-36050) XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file. (CVE-2021-36051) XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. (CVE-2021-36052) XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-36053) XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-36054) XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-36055) XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-36056) XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-36058) XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-36064) XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-39847) XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-40716) XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file. (CVE-2021-40732) XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-42528) XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-42529) XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-42530) XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-42531) XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. (CVE-2021-42532) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36045 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36047 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36050 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36051 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36053 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36054 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36055 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36056 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36058 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36064 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39847 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40716 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40732 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42529 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42530 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42531 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42532 https://ubuntu.com/security/notices/USN-5483-1 ======================== Updated packages in core/updates_testing: ======================== exempi-2.5.1-2.1.mga8 lib(64)exempi8-2.5.1-2.1.mga8 lib(64)exempi-devel-2.5.1-2.1.mga8 from SRPM: exempi-2.5.1-2.1.mga8.src.rpm
CC: (none) => nicolas.salgueroStatus comment: Patches available from Ubuntu => (none)Version: Cauldron => 8Assignee: bugsquad => qa-bugsWhiteboard: MGA8TOO => (none)Status: NEW => ASSIGNED
mga8, x64 exempi working fine before the updates. In terms of PoC the CVEs were not worth pursuing; most of them seem to lead to the Adobe site which does not mention reproducers. Following previous report for bug 22871 which borrowed from Lewis. The libraries are used by caja, eog, eom, nemo, and tellico amongst others. $ strace -o exempi.trace exempi -o craters.xml -x craters.tif processing file craters.tif dump_xmp for file craters.tif $ grep exempi exempi.trace openat(AT_FDCWD, "/lib64/libexempi.so.8", O_RDONLY|O_CLOEXEC) = 3 $ less craters.xml <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.6.0"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/"> [...] </tiff:PrimaryChromaticities> <dc:description> <rdf:Alt> <rdf:li xml:lang="x-default">IDL TIFF file</rdf:li> </rdf:Alt> </dc:description> </rdf:Description> </rdf:RDF> </x:xmpmeta> $ exempi -o referendum.xml -x ReferendumDoc_01.pdf processing file ReferendumDoc_01.pdf dump_xmp for file ReferendumDoc_01.pdf $ less referendum.xml <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.6.0"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" [...] </xmpMM:History> <dc:format>application/pdf</dc:format> <pdf:Producer>Adobe PDF Library 10.0.1</pdf:Producer> <pdf:Trapped>False</pdf:Trapped> </rdf:Description> </rdf:RDF> </x:xmpmeta> No regressions so far. Green light for this.
Whiteboard: (none) => MGA8-64-OKCC: (none) => tarazed25
Validating. Advisory in Comment 1.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0236.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED