CVE-2017-18237
MEDIUMexempi < 2.4.3 - Denial of Service via Crafted .ps File
Title source: llmDescription
An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://bugs.freedesktop.org/show_bug.cgi?id=101914
Patch x_refsource_confirm
https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048
Scores
CVSS v3
5.5
EPSS
0.0119
EPSS Percentile
64.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
exempi_project/exempi
< 2.4.3
Published
Mar 15, 2018
Tracked Since
Feb 18, 2026