Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200712-16
HistoryDec 29, 2007 - 12:00 a.m.

Exiv2: Integer overflow

2007-12-2900:00:00
Gentoo Foundation
security.gentoo.org
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.7%

JSON

Background

Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files.

Description

Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the JpegThumbnail::setDataArea() method leading to a heap-based buffer overflow.

Impact

An attacker could entice the user of an application making use of Exiv2 or an application included in Exiv2 to load an image file with specially crafted Exif tags, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All Exiv2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.13-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-gfx/exiv2< 0.13-r1UNKNOWN

Related

nessus 7
prion 1
openvas 11
ubuntucve 1
cve 1
fedora 2
debiancve 1
debian 1
redhatcve 1
cbl_mariner 1
ubuntu 1
securityvulns 1
nessus
nessus
Fedora 7 : exiv2-0.15-5.fc7 (2007-4591)
2007-12-24 00:00:00
openSUSE 10 Security Update : libexiv2 (libexiv2-4850)
2007-12-24 00:00:00
Debian DSA-1474-1 : exiv2 - integer overflow
2008-01-27 00:00:00
prion
prion
Integer overflow
2007-12-20 01:46:00
openvas
openvas
Gentoo Security Advisory GLSA 200712-16 (exiv2)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200712-16 (exiv2)
2008-09-24 00:00:00
Fedora Update for exiv2 FEDORA-2007-4551
2009-02-27 00:00:00
ubuntucve
ubuntucve
CVE-2007-6353
2007-12-19 00:00:00
cve
cve
CVE-2007-6353
2007-12-20 01:46:00
fedora
fedora
[SECURITY] Fedora 8 Update: exiv2-0.15-5.fc8
2007-12-20 20:14:45
[SECURITY] Fedora 7 Update: exiv2-0.15-5.fc7
2007-12-20 20:11:14
debiancve
debiancve
CVE-2007-6353
2007-12-20 01:46:00
debian
debian
[SECURITY] [DSA 1474-1] New exiv2 packages fix arbitrary code execution
2008-01-23 21:41:02
redhatcve
redhatcve
CVE-2007-6353
2019-10-04 21:24:50
cbl_mariner
cbl_mariner
CVE-2007-6353 affecting package exiv2 0.28.0-1
2024-05-02 09:06:29
ubuntu
ubuntu
exiv2 vulnerabilities
2008-10-15 00:00:00
securityvulns
securityvulns
Multiple security vulnerabilities in different Exif libraries &#40;libexif, exiv2, exiftags&#41;
2007-12-29 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.7%

JSON
Related for GLSA-200712-16
nessus7prion1openvas11ubuntucve1cve1fedora2debiancve1debian1redhatcve1cbl_mariner1ubuntu1securityvulns1