CVE-2017-18238
Description
Exempi before 2.4.4 contains an infinite loop in TradQT_Manager::ParseCachedBoxes when parsing crafted XMP data in a .qt file, leading to denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Exempi before 2.4.4 contains an infinite loop in TradQT_Manager::ParseCachedBoxes when parsing crafted XMP data in a .qt file, leading to denial of service.
Vulnerability
The vulnerability resides in Exempi, a library for parsing XMP metadata. The function TradQT_Manager::ParseCachedBoxes in XMPFiles/source/FormatSupport/QuickTime_Support.cpp enters an infinite loop when processing specially crafted XMP data embedded in a .qt (QuickTime) file. Affected versions are Exempi before 2.4.4 [1][2].
Exploitation
An attacker can craft a .qt file containing malicious XMP data. The victim must open the file using an application that relies on Exempi (e.g., image viewers, metadata tools). No authentication or special privileges are required; the attack can be remote if the file is delivered via email, web download, or other means. The infinite loop occurs during parsing, causing the application to hang.
Impact
Successful exploitation results in a denial of service (infinite loop) that can cause the consuming application to become unresponsive or crash. The attacker does not gain code execution or data access from this specific vulnerability.
Mitigation
The issue is fixed in Exempi version 2.4.4 [1]. Red Hat Enterprise Linux and Ubuntu have released updated packages (RHSA-2019:2048 [1], USN-3668-1 [2]). Users should update to the latest version. No workaround is available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5- osv-coords4 versionspkg:rpm/suse/exempi&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/exempi&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/exempi&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/exempi&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 2.2.1-5.7.1+ 3 more
- (no CPE)range: < 2.2.1-5.7.1
- (no CPE)range: < 2.2.1-5.7.1
- (no CPE)range: < 2.2.1-5.7.1
- (no CPE)range: < 2.2.1-5.7.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The TradQT_Manager::ParseCachedBoxes function enters an infinite loop when processing crafted XMP data."
Attack vector
A remote attacker can cause a denial of service by providing a specially crafted .qt file containing malicious XMP data. This crafted data triggers an infinite loop within the TradQT_Manager::ParseCachedBoxes function. The vulnerability is present in Exempi versions prior to 2.4.4 [ref_id=1].
Affected code
The vulnerability resides in the TradQT_Manager::ParseCachedBoxes function, located in the file XMPFiles/source/FormatSupport/QuickTime_Support.cpp [ref_id=1].
What the fix does
The advisory indicates that an update for Exempi is available, which addresses this vulnerability. The specific code changes are not detailed in the provided text, but the update is intended to resolve the infinite loop condition in the TradQT_Manager::ParseCachedBoxes function [ref_id=1].
Preconditions
- inputThe attacker must provide a crafted .qt file containing malicious XMP data.
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- access.redhat.com/errata/RHSA-2019:2048mitrevendor-advisoryx_refsource_REDHAT
- usn.ubuntu.com/3668-1/mitrevendor-advisoryx_refsource_UBUNTU
- bugs.freedesktop.org/show_bug.cgimitrex_refsource_CONFIRM
- cgit.freedesktop.org/exempi/commit/mitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2018/03/msg00013.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.