Exempi through version 2.4.4 is vulnerable to a NULL pointer dereference in the XMPFiles/source/FormatSupport/WEBP_Support.cpp:WEBP::VP8XChunk class. An attacker could exploit this to cause a denial of service via crafted file.
Upstream Bug Report:
Created exempi tracking bugs for this issue:
Affects: fedora-all [bug 1555156]
This issue did not affect the versions of Exempi as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for WebP file format.