LibEXIF 0.6.x - Exif_Data_Load_Data_Entry Remote Integer Overflow

2007-05-11T00:00:00
ID EXPLOITPACK:36990FE3B939278DA7197CDD2E06F0F7
Type exploitpack
Reporter Victor Stinner
Modified 2007-05-11T00:00:00

Description

LibEXIF 0.6.x - Exif_Data_Load_Data_Entry Remote Integer Overflow

                                        
                                            source: https://www.securityfocus.com/bid/23927/info

The libexif library is prone to an integer-overflow vulnerability because the software fails to properly ensure that integer math operations do not result in overflows.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.

Versions of libexif prior to 0.6.14 are vulnerable to this issue. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/30024.jpg