{"id":"MGASA-2022-0236","summary":"Updated exempi packages fix security vulnerability","details":"XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an\nout-of-bounds read vulnerability that could lead to disclosure of\narbitrary memory. An attacker could leverage this vulnerability to bypass\nmitigations such as ASLR. Exploitation of this issue requires user\ninteraction in that a victim must open a malicious file. (CVE-2021-36045)\n\nXMP Toolkit version 2020.1 (and earlier) is affected by a memory\ncorruption vulnerability, potentially resulting in arbitrary code\nexecution in the context of the current user. User interaction is required\nto exploit this vulnerability. (CVE-2021-36046)\n\nXMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper\nInput Validation vulnerability potentially resulting in arbitrary code\nexecution in the context of the current user. Exploitation requires user\ninteraction in that a victim must open a crafted file. (CVE-2021-36047)\n\nXMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper\nInput Validation vulnerability potentially resulting in arbitrary code\nexecution in the context of the current user. Exploitation requires user\ninteraction in that a victim must open a crafted file. (CVE-2021-36048)\n\nXMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer\noverflow vulnerability potentially resulting in arbitrary code execution\nin the context of the current user. Exploitation requires user interaction\nin that a victim must open a crafted file. (CVE-2021-36050)\n\nXMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer\noverflow vulnerability potentially resulting in arbitrary code execution\nin the context of the current user. Exploitation requires user interaction\nin that a victim must open a specially-crafted .cpp file. (CVE-2021-36051)\n\nXMP Toolkit version 2020.1 (and earlier) is affected by a memory\ncorruption vulnerability, potentially resulting in arbitrary code\nexecution in the context of the current user. User interaction is required\nto exploit this vulnerability. (CVE-2021-36052)\n\nXMP Toolkit SDK versions 2020.1 (and earlier) are affected by an\nout-of-bounds read vulnerability that could lead to disclosure of\narbitrary memory. An attacker could leverage this vulnerability to bypass\nmitigations such as ASLR. Exploitation of this issue requires user\ninteraction in that a victim must open a malicious file. (CVE-2021-36053)\n\nXMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer\noverflow vulnerability potentially resulting in local application denial\nof service in the context of the current user. Exploitation requires user\ninteraction in that a victim must open a crafted file. (CVE-2021-36054)\n\nXMP Toolkit SDK versions 2020.1 (and earlier) are affected by a\nuse-after-free vulnerability that could result in arbitrary code execution\nin the context of the current user. Exploitation of this issue requires\nuser interaction in that a victim must open a malicious file.\n(CVE-2021-36055)\n\nXMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer\noverflow vulnerability potentially resulting in arbitrary code execution\nin the context of the current user. Exploitation requires user interaction\nin that a victim must open a crafted file. (CVE-2021-36056)\n\nXMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer\nOverflow vulnerability potentially resulting in application-level denial\nof service in the context of the current user. Exploitation requires user\ninteraction in that a victim must open a crafted file. (CVE-2021-36058)\n\nXMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow\nvulnerability which could result in arbitrary code execution in the\ncontext of the current user. Exploitation of this issue requires user\ninteraction in that a victim must open a malicious file. (CVE-2021-36064)\n\nXMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based\nbuffer overflow vulnerability potentially resulting in arbitrary code\nexecution in the context of the current user. Exploitation requires user\ninteraction in that a victim must open a crafted file. (CVE-2021-39847)\n\nXMP Toolkit SDK versions 2021.07 (and earlier) are affected by an\nout-of-bounds read vulnerability that could lead to disclosure of\nsensitive memory. An attacker could leverage this vulnerability to bypass\nmitigations such as ASLR. Exploitation of this issue requires user\ninteraction in that a victim must open a malicious file. (CVE-2021-40716)\n\nXMP Toolkit version 2020.1 (and earlier) is affected by a null pointer\ndereference vulnerability that could result in leaking data from certain\nmemory locations and causing a local denial of service in the context of\nthe current user. User interaction is required to exploit this\nvulnerability in that the victim will need to open a specially crafted MXF\nfile. (CVE-2021-40732)\n\nXMP Toolkit 2021.07 (and earlier) is affected by a Null pointer\ndereference vulnerability when parsing a specially crafted file. An\nunauthenticated attacker could leverage this vulnerability to achieve an\napplication denial-of-service in the context of the current user.\nExploitation of this issue requires user interaction in that a victim must\nopen a malicious file. (CVE-2021-42528)\n\nXMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based\nbuffer overflow vulnerability potentially resulting in arbitrary code\nexecution in the context of the current user. Exploitation requires user\ninteraction in that a victim must open a crafted file. (CVE-2021-42529)\n\nXMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based\nbuffer overflow vulnerability potentially resulting in arbitrary code\nexecution in the context of the current user. Exploitation requires user\ninteraction in that a victim must open a crafted file. (CVE-2021-42530)\n\nXMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based\nbuffer overflow vulnerability potentially resulting in arbitrary code\nexecution in the context of the current user. Exploitation requires user\ninteraction in that a victim must open a crafted file. (CVE-2021-42531)\n\nXMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based\nbuffer overflow vulnerability potentially resulting in arbitrary code\nexecution in the context of the current user. Exploitation requires user\ninteraction in that a victim must open a crafted file. (CVE-2021-42532)\n","modified":"2026-04-16T00:09:17.186724032Z","published":"2022-06-18T21:30:41Z","upstream":["CVE-2021-36045","CVE-2021-36046","CVE-2021-36047","CVE-2021-36048","CVE-2021-36050","CVE-2021-36051","CVE-2021-36052","CVE-2021-36053","CVE-2021-36054","CVE-2021-36055","CVE-2021-36056","CVE-2021-36058","CVE-2021-36064","CVE-2021-39847","CVE-2021-40716","CVE-2021-40732","CVE-2021-42528","CVE-2021-42529","CVE-2021-42530","CVE-2021-42531","CVE-2021-42532"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0236.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30557"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5483-1"}],"affected":[{"package":{"name":"exempi","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/exempi?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.1-2.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0236.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}