Exempi through version 2.4.4 is vulnerable to a NULL pointer dereference in the XMPFiles/source/FormatSupport/WEBP_Support.cpp:WEBP::VP8XChunk class. An attacker could exploit this to cause a denial of service via crafted file. Upstream Bug Report: https://bugs.freedesktop.org/show_bug.cgi?id=105247 Upstream Patch: https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666
Created exempi tracking bugs for this issue: Affects: fedora-all [bug 1555156]
Statement: This issue did not affect the versions of Exempi as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for WebP file format.