An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.
Upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=102483
Upstream patch: https://cgit.freedesktop.org/exempi/commit/?id=886cd1d2314755adb1f4cdb99c16ff00830f0331
Created exempi tracking bugs for this issue:
Affects: fedora-all [bug 1558717]
Statement: This issue did not affect the versions of Exempi as shipped with Red Hat Enterprise Linux 6 as they did not include the vulnerable code.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2048 https://access.redhat.com/errata/RHSA-2019:2048
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2017-18238