An update for exempi is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2227 Final 1.0 1.0 2025-09-05 Initial 2025-09-05 2025-09-05 openEuler SA Tool V1.0 2025-09-05 exempi security update An update for exempi is now available for openEuler-20.03-LTS-SP4 Exempi is an implementation of XMP. Version 2.x is based on Adobe XMP SDK and released under a BSD-style license like Adobe's. Security Fix(es): XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.(CVE-2025-30305) XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.(CVE-2025-30306) XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.(CVE-2025-30307) XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.(CVE-2025-30308) XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.(CVE-2025-30309) An update for exempi is now available for openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium exempi https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2227 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-30305 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-30306 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-30307 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-30308 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-30309 https://nvd.nist.gov/vuln/detail/CVE-2025-30305 https://nvd.nist.gov/vuln/detail/CVE-2025-30306 https://nvd.nist.gov/vuln/detail/CVE-2025-30307 https://nvd.nist.gov/vuln/detail/CVE-2025-30308 https://nvd.nist.gov/vuln/detail/CVE-2025-30309 openEuler-20.03-LTS-SP4 exempi-2.4.5-6.oe2003sp4.aarch64.rpm exempi-debuginfo-2.4.5-6.oe2003sp4.aarch64.rpm exempi-debugsource-2.4.5-6.oe2003sp4.aarch64.rpm exempi-devel-2.4.5-6.oe2003sp4.aarch64.rpm exempi-2.4.5-6.oe2003sp4.src.rpm exempi-2.4.5-6.oe2003sp4.x86_64.rpm exempi-debuginfo-2.4.5-6.oe2003sp4.x86_64.rpm exempi-debugsource-2.4.5-6.oe2003sp4.x86_64.rpm exempi-devel-2.4.5-6.oe2003sp4.x86_64.rpm exempi-help-2.4.5-6.oe2003sp4.noarch.rpm XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2025-09-05 CVE-2025-30305 openEuler-20.03-LTS-SP4 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N exempi security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2227 XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2025-09-05 CVE-2025-30306 openEuler-20.03-LTS-SP4 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N exempi security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2227 XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2025-09-05 CVE-2025-30307 openEuler-20.03-LTS-SP4 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N exempi security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2227 XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2025-09-05 CVE-2025-30308 openEuler-20.03-LTS-SP4 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N exempi security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2227 XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2025-09-05 CVE-2025-30309 openEuler-20.03-LTS-SP4 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N exempi security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2227