[email protected]CVE-2007-6353

HistoryDec 20, 2007 - 1:46 a.m.

CVE-2007-6353

2007-12-2001:46:00

CWE-189

[email protected]

web.nvd.nist.gov

110

exiv2

integer overflow

code execution

exif

crafted file

nvd

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.7%

JSON

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

CPENameOperatorVersion
exiv2:exiv2exiv2eq*

CPE	Name	Operator	Version
exiv2:exiv2	exiv2	eq	*

References

bugs.gentoo.org/show_bug.cgi?id=202351

lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html

secunia.com/advisories/28132

secunia.com/advisories/28178

secunia.com/advisories/28267

secunia.com/advisories/28412

secunia.com/advisories/28610

secunia.com/advisories/32273

security.gentoo.org/glsa/glsa-200712-16.xml

www.debian.org/security/2008/dsa-1474

www.mandriva.com/security/advisories?name=MDVSA-2008:006

www.securityfocus.com/bid/26918

www.ubuntu.com/usn/usn-655-1

www.vupen.com/english/advisories/2007/4252

bugzilla.redhat.com/show_bug.cgi?id=425921

exchange.xforce.ibmcloud.com/vulnerabilities/39118

www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html

www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.7%

JSON

Related for CVE-2007-6353

fedora2 openvas6 nessus7 gentoo1 debiancve1 prion1 ubuntucve1 debian1 redhatcve1 cbl_mariner1 ubuntu1 securityvulns1