libexif security update

2007-12-1918:22:27

CentOS Project

lists.centos.org

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.0%

JSON

CentOS Errata and Security Advisory CESA-2007:1166

The libexif packages contain the Exif library. Exif is an image file format
specification that enables metadata tags to be added to existing JPEG, TIFF
and RIFF files. The Exif library makes it possible to parse an Exif file
and read this metadata.

An integer overflow flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to execute arbitrary code, or crash.
(CVE-2007-6352)

Users of libexif are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-December/076689.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076690.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076705.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076706.html

Affected packages:
libexif
libexif-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:1166

OSVersionArchitecturePackageVersionFilename
CentOS4ia64libexif< 0.5.12-5.1.0.2.c4.1libexif-0.5.12-5.1.0.2.c4.1.ia64.rpm
CentOS4ia64libexif-devel< 0.5.12-5.1.0.2.c4.1libexif-devel-0.5.12-5.1.0.2.c4.1.ia64.rpm
CentOS4s390libexif< 0.5.12-5.1.0.2.c4.1libexif-0.5.12-5.1.0.2.c4.1.s390.rpm
CentOS4s390libexif-devel< 0.5.12-5.1.0.2.c4.1libexif-devel-0.5.12-5.1.0.2.c4.1.s390.rpm
CentOS4s390xlibexif< 0.5.12-5.1.0.2.c4.1libexif-0.5.12-5.1.0.2.c4.1.s390x.rpm
CentOS4s390xlibexif-devel< 0.5.12-5.1.0.2.c4.1libexif-devel-0.5.12-5.1.0.2.c4.1.s390x.rpm
CentOS4i386libexif< 0.5.12-5.1.0.2.el4_6.1libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm
CentOS4i386libexif-devel< 0.5.12-5.1.0.2.el4_6.1libexif-devel-0.5.12-5.1.0.2.el4_6.1.i386.rpm
CentOS4i386libexif< 0.5.12-5.1.0.2.el4_6.1libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm
CentOS4x86_64libexif< 0.5.12-5.1.0.2.el4_6.1libexif-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	4	ia64	libexif	< 0.5.12-5.1.0.2.c4.1	libexif-0.5.12-5.1.0.2.c4.1.ia64.rpm
CentOS	4	ia64	libexif-devel	< 0.5.12-5.1.0.2.c4.1	libexif-devel-0.5.12-5.1.0.2.c4.1.ia64.rpm
CentOS	4	s390	libexif	< 0.5.12-5.1.0.2.c4.1	libexif-0.5.12-5.1.0.2.c4.1.s390.rpm
CentOS	4	s390	libexif-devel	< 0.5.12-5.1.0.2.c4.1	libexif-devel-0.5.12-5.1.0.2.c4.1.s390.rpm
CentOS	4	s390x	libexif	< 0.5.12-5.1.0.2.c4.1	libexif-0.5.12-5.1.0.2.c4.1.s390x.rpm
CentOS	4	s390x	libexif-devel	< 0.5.12-5.1.0.2.c4.1	libexif-devel-0.5.12-5.1.0.2.c4.1.s390x.rpm
CentOS	4	i386	libexif	< 0.5.12-5.1.0.2.el4_6.1	libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm
CentOS	4	i386	libexif-devel	< 0.5.12-5.1.0.2.el4_6.1	libexif-devel-0.5.12-5.1.0.2.el4_6.1.i386.rpm
CentOS	4	i386	libexif	< 0.5.12-5.1.0.2.el4_6.1	libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm
CentOS	4	x86_64	libexif	< 0.5.12-5.1.0.2.el4_6.1	libexif-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm