Bug 2231135 (CVE-2023-38210)

Summary: CVE-2023-38210 xmpcore: Uncontrolled Resource Consumption
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Nobody <nobody>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: aileenc, alampare, alazarot, chazlett, dhanak, emingora, gjospin, gmalinko, ibek, janstey, jrokos, kverlaen, lbacciot, mnovotny, pdelbell, pjindal, rguimara
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All   
OS: Linux   
Whiteboard:
Doc Text:
An uncontrolled resource consumption flaw was found in the Adobe XMP Toolkit. This issue may allow an unauthenticated attacker to send a malicious file, which when opened by a user, could lead to an application denial of service.
Last Closed: 2023-08-14 19:50:18 UTC
Bug Depends On: 2231137, 2231136    
Bug Blocks: 2231138    

Description Pedro Sampaio 2023-08-10 17:43:47 UTC
Adobe XMP Toolkit version 2022.06 is affected by an Uncontrolled Resource Consumption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References:

https://helpx.adobe.com/security/products/xmpcore/apsb23-45.html

Comment 1 Pedro Sampaio 2023-08-10 17:44:21 UTC
Created xmpcore tracking bugs for this issue:

Affects: epel-7 [bug 2231137]
Affects: fedora-all [bug 2231136]