Debian dla-4264 : exempi - security update

high Nessus Plugin ID 243315

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4264 advisory.

Debian LTS Advisory DLA-4264-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
August 04, 2025 https://wiki.debian.org/LTS

Package : exempi
Version : 2.5.2-1+deb11u1
CVE ID : CVE-2021-36045 CVE-2021-36046 CVE-2021-36047 CVE-2021-36048 CVE-2021-36050 CVE-2021-36051 CVE-2021-36052 CVE-2021-36053 CVE-2021-36054 CVE-2021-36055 CVE-2021-36056 CVE-2021-36057 CVE-2021-36058 CVE-2021-36064 CVE-2021-39847 CVE-2021-40716 CVE-2021-40732 CVE-2021-42528 CVE-2021-42529 CVE-2021-42530 CVE-2021-42531 CVE-2021-42532

Multiple vulnerabilities have been fixed in Exempi, an implementation of XMP (Extensible Metadata Platform).

CVE-2021-36045

Out-of-bounds Access

CVE-2021-36046

Out-of-bounds Access

CVE-2021-36047

Improper Input Validation

CVE-2021-36048

Improper Input Validation

CVE-2021-36050

Heap-based Buffer Overflow

CVE-2021-36051

Heap-based Buffer Overflow

CVE-2021-36052

Out-of-bounds Access

CVE-2021-36053

Out-of-bounds Access

CVE-2021-36054

Heap-based Buffer Overflow

CVE-2021-36055

Heap-based Buffer Overflow

CVE-2021-36056

Heap-based Buffer Overflow

CVE-2021-36057

Write-what-where Condition

CVE-2021-36058

Integer Overflow or Wraparound

CVE-2021-36064

Buffer Underwrite

CVE-2021-39847

Stack-based Buffer Overflow

CVE-2021-40716

Out-of-bounds Access

CVE-2021-40732

NULL Pointer Dereference

CVE-2021-42528

NULL Pointer Dereference

CVE-2021-42529

Stack-based Buffer Overflow

CVE-2021-42530

Stack-based Buffer Overflow

CVE-2021-42531

Stack-based Buffer Overflow

CVE-2021-42532

Stack-based Buffer Overflow

For Debian 11 bullseye, these problems have been fixed in version 2.5.2-1+deb11u1.

We recommend that you upgrade your exempi packages.

For the detailed security status of exempi please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/exempi

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the exempi packages.

See Also

https://security-tracker.debian.org/tracker/source-package/exempi

https://security-tracker.debian.org/tracker/CVE-2021-36045

https://security-tracker.debian.org/tracker/CVE-2021-36046

https://security-tracker.debian.org/tracker/CVE-2021-36047

https://security-tracker.debian.org/tracker/CVE-2021-36048

https://security-tracker.debian.org/tracker/CVE-2021-36050

https://security-tracker.debian.org/tracker/CVE-2021-36051

https://security-tracker.debian.org/tracker/CVE-2021-36052

https://security-tracker.debian.org/tracker/CVE-2021-36053

https://security-tracker.debian.org/tracker/CVE-2021-36054

https://security-tracker.debian.org/tracker/CVE-2021-36055

https://security-tracker.debian.org/tracker/CVE-2021-36056

https://security-tracker.debian.org/tracker/CVE-2021-36057

https://security-tracker.debian.org/tracker/CVE-2021-36058

https://security-tracker.debian.org/tracker/CVE-2021-36064

https://security-tracker.debian.org/tracker/CVE-2021-39847

https://security-tracker.debian.org/tracker/CVE-2021-40716

https://security-tracker.debian.org/tracker/CVE-2021-40732

https://security-tracker.debian.org/tracker/CVE-2021-42528

https://security-tracker.debian.org/tracker/CVE-2021-42529

https://security-tracker.debian.org/tracker/CVE-2021-42530

https://security-tracker.debian.org/tracker/CVE-2021-42531

https://security-tracker.debian.org/tracker/CVE-2021-42532

https://packages.debian.org/source/bullseye/exempi

Plugin Details

Severity: High

ID: 243315

File Name: debian_DLA-4264.nasl

Version: 1.1

Type: local

Agent: unix

Published: 8/4/2025

Updated: 8/4/2025

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-42532

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:exempi, p-cpe:/a:debian:debian_linux:libexempi8, p-cpe:/a:debian:debian_linux:libexempi-dev

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 8/4/2025

Vulnerability Publication Date: 9/1/2021

Reference Information

CVE: CVE-2021-36045, CVE-2021-36046, CVE-2021-36047, CVE-2021-36048, CVE-2021-36050, CVE-2021-36051, CVE-2021-36052, CVE-2021-36053, CVE-2021-36054, CVE-2021-36055, CVE-2021-36056, CVE-2021-36057, CVE-2021-36058, CVE-2021-36064, CVE-2021-39847, CVE-2021-40716, CVE-2021-40732, CVE-2021-42528, CVE-2021-42529, CVE-2021-42530, CVE-2021-42531, CVE-2021-42532