Detections
Analytics

Debian dla-4264 : exempi - security update

high Nessus Plugin ID 243315

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4264 advisory.

 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4264-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk August 04, 2025 https://wiki.debian.org/LTS
 - -------------------------------------------------------------------------

 Package : exempi Version : 2.5.2-1+deb11u1 CVE ID : CVE-2021-36045 CVE-2021-36046 CVE-2021-36047 CVE-2021-36048 CVE-2021-36050 CVE-2021-36051 CVE-2021-36052 CVE-2021-36053 CVE-2021-36054 CVE-2021-36055 CVE-2021-36056 CVE-2021-36057 CVE-2021-36058 CVE-2021-36064 CVE-2021-39847 CVE-2021-40716 CVE-2021-40732 CVE-2021-42528 CVE-2021-42529 CVE-2021-42530 CVE-2021-42531 CVE-2021-42532

 Multiple vulnerabilities have been fixed in Exempi, an implementation of XMP (Extensible Metadata Platform).

 CVE-2021-36045

 Out-of-bounds Access

 CVE-2021-36046

 Out-of-bounds Access

 CVE-2021-36047

 Improper Input Validation

 CVE-2021-36048

 Improper Input Validation

 CVE-2021-36050

 Heap-based Buffer Overflow

 CVE-2021-36051

 Heap-based Buffer Overflow

 CVE-2021-36052

 Out-of-bounds Access

 CVE-2021-36053

 Out-of-bounds Access

 CVE-2021-36054

 Heap-based Buffer Overflow

 CVE-2021-36055

 Heap-based Buffer Overflow

 CVE-2021-36056

 Heap-based Buffer Overflow

 CVE-2021-36057

 Write-what-where Condition

 CVE-2021-36058

 Integer Overflow or Wraparound

 CVE-2021-36064

 Buffer Underwrite

 CVE-2021-39847

 Stack-based Buffer Overflow

 CVE-2021-40716

 Out-of-bounds Access

 CVE-2021-40732

 NULL Pointer Dereference

 CVE-2021-42528

 NULL Pointer Dereference

 CVE-2021-42529

 Stack-based Buffer Overflow

 CVE-2021-42530

 Stack-based Buffer Overflow

 CVE-2021-42531

 Stack-based Buffer Overflow

 CVE-2021-42532

 Stack-based Buffer Overflow

 For Debian 11 bullseye, these problems have been fixed in version 2.5.2-1+deb11u1.

 We recommend that you upgrade your exempi packages.

 For the detailed security status of exempi please refer to its security tracker page at:
 https://security-tracker.debian.org/tracker/exempi

 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the exempi packages.

See Also

https://security-tracker.debian.org/tracker/source-package/exempi

https://security-tracker.debian.org/tracker/CVE-2021-36045

https://security-tracker.debian.org/tracker/CVE-2021-36046

https://security-tracker.debian.org/tracker/CVE-2021-36047

https://security-tracker.debian.org/tracker/CVE-2021-36048

https://security-tracker.debian.org/tracker/CVE-2021-36050

https://security-tracker.debian.org/tracker/CVE-2021-36051

https://security-tracker.debian.org/tracker/CVE-2021-36052

https://security-tracker.debian.org/tracker/CVE-2021-36053

https://security-tracker.debian.org/tracker/CVE-2021-36054

https://security-tracker.debian.org/tracker/CVE-2021-36055

https://security-tracker.debian.org/tracker/CVE-2021-36056

https://security-tracker.debian.org/tracker/CVE-2021-36057

https://security-tracker.debian.org/tracker/CVE-2021-36058

https://security-tracker.debian.org/tracker/CVE-2021-36064

https://security-tracker.debian.org/tracker/CVE-2021-39847

https://security-tracker.debian.org/tracker/CVE-2021-40716

https://security-tracker.debian.org/tracker/CVE-2021-40732

https://security-tracker.debian.org/tracker/CVE-2021-42528

https://security-tracker.debian.org/tracker/CVE-2021-42529

https://security-tracker.debian.org/tracker/CVE-2021-42530

https://security-tracker.debian.org/tracker/CVE-2021-42531

https://security-tracker.debian.org/tracker/CVE-2021-42532

https://packages.debian.org/source/bullseye/exempi

Plugin Details

Severity: High

ID: 243315

File Name: debian_DLA-4264.nasl

Version: 1.1

Type: local

Agent: unix

Published: 8/4/2025

Updated: 8/4/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-42532

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libexempi8, cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:libexempi-dev, p-cpe:/a:debian:debian_linux:exempi

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 8/4/2025

Vulnerability Publication Date: 9/1/2021

Reference Information

CVE: CVE-2021-36045, CVE-2021-36046, CVE-2021-36047, CVE-2021-36048, CVE-2021-36050, CVE-2021-36051, CVE-2021-36052, CVE-2021-36053, CVE-2021-36054, CVE-2021-36055, CVE-2021-36056, CVE-2021-36057, CVE-2021-36058, CVE-2021-36064, CVE-2021-39847, CVE-2021-40716, CVE-2021-40732, CVE-2021-42528, CVE-2021-42529, CVE-2021-42530, CVE-2021-42531, CVE-2021-42532