CVE-2018-7729

Vulnerability

A stack-based buffer over-read vulnerability exists in Exempi through version 2.4.4 in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. The issue occurs when parsing crafted PostScript files, allowing reading beyond the allocated buffer boundary. [1]

Exploitation

An attacker can exploit this by providing a specially crafted PostScript file to an application using the Exempi library for XMP metadata parsing. No authentication is required, and the attack can be triggered remotely via file import or similar mechanisms. The exact steps involve delivering the malicious file to the victim application. [1]

Impact

Successful exploitation could lead to a stack-based buffer over-read, potentially causing information disclosure. The attacker may read sensitive data that resides adjacent to the buffer in memory. The impact is limited to confidentiality compromise; no execution or modification is directly implied by the over-read. [1]

Mitigation

As of the publication date (2018-03-06), no official patch is mentioned in the available reference. Users should consider upgrading to a fixed version if available; check vendor advisories. The reference [1] is inaccessible, so further details are unavailable. [1]