ID OPENVAS:60079 Type openvas Reporter Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing updates announced in
advisory GLSA 200712-17.
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Helper library. Nothing in this script calls into it directly; presumably
# the package-comparison code included further down relies on it - verify
# before removing.
include("revisions-lib.inc");
# Advisory texts attached to the scan result by the script_tag() calls in the
# description block. tag_insight is the impact summary for the CVEs named in
# script_cve_id().
tag_insight = "Multiple vulnerabilities in exiftags possibly allow for the execution of
arbitrary code or a Denial of Service.";
# Remediation text: upgrade to media-gfx/exiftags 1.01 or later. The lines
# starting with "# emerge" are part of the string literal (a root shell prompt
# followed by the command), not NASL comments.
tag_solution = "All exiftags users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-gfx/exiftags-1.01'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200712-17
http://bugs.gentoo.org/show_bug.cgi?id=202354";
# Short finding title shown to the operator; it names the advisory, not the
# individual flaws.
tag_summary = "The remote host is missing updates announced in
advisory GLSA 200712-17.";
# Registration phase: when `description` is set the script only declares its
# metadata and leaves through exit(0) before any check is run.
if(description)
{
script_id(60079);
script_version("$Revision: 6596 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $");
script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
# The three exiftags CVEs covered by GLSA 200712-17.
script_cve_id("CVE-2007-6354", "CVE-2007-6355", "CVE-2007-6356");
# One CVSS v2 score for the whole advisory (the worst case). Individual CVEs
# may be rated lower: NVD lists CVE-2007-6356, the denial-of-service issue,
# at 5.0. Triage on the per-CVE ratings rather than on this number alone.
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Gentoo Security Advisory GLSA 200712-17 (exiftags)");
# Information-gathering category: the check reads data, it does not attack
# the target.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
script_family("Gentoo Local Security Checks");
# Runs after gather-package-list.nasl; presumably that script fills the
# ssh/login/* knowledge-base keys required below - confirm against it.
script_dependencies("gather-package-list.nasl");
# Only scheduled when both keys exist, i.e. an authenticated scan that
# identified the host as Gentoo and collected a package list. Without working
# SSH credentials this check never runs and the host yields no result at all,
# which must not be read as "patched".
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
# Quality of detection "package": the verdict rests on the installed package
# version, not on probing exiftags itself.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-gentoo.inc");

# Version check for media-gfx/exiftags against GLSA 200712-17: releases below
# 1.01 are flagged, 1.01 and later count as fixed. ispkgvuln() lives in
# pkg-lib-gentoo.inc; it returns report text for a vulnerable package and NULL
# otherwise.
report = "";
res = ispkgvuln(pkg:"media-gfx/exiftags",
                unaffected:make_list("ge 1.01"),
                vulnerable:make_list("lt 1.01"));
if (res != NULL) {
  report += res;
}

if (report == "") {
  # No finding. Exit code 99 ("not vulnerable") is only returned when
  # __pkg_match is set - presumably by the library once the package was found
  # in the collected list (verify). Otherwise the script ends without a
  # verdict.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:60079", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200712-17 (exiftags)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200712-17.", "published": "2008-09-24T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60079", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2007-6355", "CVE-2007-6356", "CVE-2007-6354"], "lastseen": "2017-07-24T12:50:25", "viewCount": 0, "enchantments": {"score": {"value": 8.1, "vector": "NONE", "modified": "2017-07-24T12:50:25", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-6356", "CVE-2007-6355", "CVE-2007-6354"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200712-17.NASL", "DEBIAN_DSA-1533.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1533-2:0BE17", "DEBIAN:DSA-1533-1:5157E"]}, {"type": "gentoo", "idList": ["GLSA-200712-17"]}, {"type": "openvas", "idList": ["OPENVAS:60654", "OPENVAS:60659"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8510"]}], "modified": "2017-07-24T12:50:25", "rev": 2}, "vulnersScore": 8.1}, "pluginID": "60079", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in exiftags possibly allow for the execution of\narbitrary code or a Denial of Service.\";\ntag_solution = \"All exiftags users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/exiftags-1.01'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200712-17\nhttp://bugs.gentoo.org/show_bug.cgi?id=202354\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200712-17.\";\n\n \n\nif(description)\n{\n script_id(60079);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-6354\", \"CVE-2007-6355\", \"CVE-2007-6356\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200712-17 (exiftags)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 
E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-gfx/exiftags\", unaffected: make_list(\"ge 1.01\"), vulnerable: make_list(\"lt 1.01\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:26:09", "description": "Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a \"field offset overflow\" that triggers an \"illegal memory access,\" a different vulnerability than CVE-2007-6354.", "edition": 5, "cvss3": {}, "published": "2007-12-18T20:46:00", "title": "CVE-2007-6355", "type": "cve", "cwe": ["CWE-189", "NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6355"], "modified": "2011-05-13T04:00:00", "cpe": ["cpe:/a:aertherwide:exiftags:0.94", "cpe:/a:aertherwide:exiftags:0.90", "cpe:/a:aertherwide:exiftags:0.96", "cpe:/a:aertherwide:exiftags:0.93", "cpe:/a:aertherwide:exiftags:0.80", "cpe:/a:aertherwide:exiftags:0.99", "cpe:/a:aertherwide:exiftags:0.97", "cpe:/a:aertherwide:exiftags:0.92", "cpe:/a:aertherwide:exiftags:0.95", "cpe:/a:aertherwide:exiftags:1.00", "cpe:/a:aertherwide:exiftags:0.91", "cpe:/a:aertherwide:exiftags:0.98"], "id": "CVE-2007-6355", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6355", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:aertherwide:exiftags:0.93:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.99:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.97:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.94:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:1.00:*:*:*:*:*:*:*", 
"cpe:2.3:a:aertherwide:exiftags:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.98:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.96:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:09", "description": "exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.", "edition": 5, "cvss3": {}, "published": "2007-12-18T20:46:00", "title": "CVE-2007-6356", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6356"], "modified": "2011-03-08T03:02:00", "cpe": ["cpe:/a:aertherwide:exiftags:1.01"], "id": "CVE-2007-6356", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6356", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:aertherwide:exiftags:1.01:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:09", "description": "Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a \"field offset overflow\" that triggers an \"illegal memory access,\" a different vulnerability than CVE-2007-6355.", "edition": 5, "cvss3": {}, "published": "2007-12-18T20:46:00", "title": "CVE-2007-6354", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6354"], "modified": "2011-05-13T04:00:00", "cpe": ["cpe:/a:aertherwide:exiftags:0.94", "cpe:/a:aertherwide:exiftags:0.90", "cpe:/a:aertherwide:exiftags:0.96", "cpe:/a:aertherwide:exiftags:0.93", "cpe:/a:aertherwide:exiftags:0.80", "cpe:/a:aertherwide:exiftags:0.99", "cpe:/a:aertherwide:exiftags:0.97", "cpe:/a:aertherwide:exiftags:0.92", "cpe:/a:aertherwide:exiftags:0.95", "cpe:/a:aertherwide:exiftags:1.00", "cpe:/a:aertherwide:exiftags:0.91", "cpe:/a:aertherwide:exiftags:0.98"], "id": "CVE-2007-6354", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6354", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:aertherwide:exiftags:0.93:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.99:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.97:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.94:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.98:*:*:*:*:*:*:*", "cpe:2.3:a:aertherwide:exiftags:0.96:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6355", "CVE-2007-6356", "CVE-2007-6354"], "description": "### Background\n\nexiftags is a library and set of tools for parsing, editing and saving Exif metadata from images. 
Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. \n\n### Description\n\nMeder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356). \n\n### Impact\n\nAn attacker could entice the user of an application making use of exiftags or an application included in exiftags to load an image file with specially crafted Exif tags, possibly resulting in the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll exiftags users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/exiftags-1.01\"", "edition": 1, "modified": "2007-12-29T00:00:00", "published": "2007-12-29T00:00:00", "id": "GLSA-200712-17", "href": "https://security.gentoo.org/glsa/200712-17", "type": "gentoo", "title": "exiftags: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6355", "CVE-2007-6356", "CVE-2007-6354"], "description": "The remote host is missing an update to exiftags\nannounced via advisory DSA 1533-1.", "modified": "2017-07-07T00:00:00", "published": "2008-04-07T00:00:00", "id": "OPENVAS:60654", "href": "http://plugins.openvas.org/nasl.php?oid=60654", "type": "openvas", "title": "Debian Security Advisory DSA 1533-1 (exiftags)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1533_1.nasl 6616 2017-07-07 
12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1533-1 (exiftags)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Christian Schmid and Meder Kydyraliev (Google Security) discovered a\nnumber of vulnerabilities in exiftags, a utility for extracting EXIF\nmetadata from JPEG images. 
The Common Vulnerabilities and Exposures\nproject identified the following three problems:\n\nCVE-2007-6354\n\nInadequate EXIF property validation could lead to invalid memory\naccesses if executed on a maliciously crafted image, potentially\nincluding heap corruption and the execution of arbitrary code.\n\nCVE-2007-6355\n\nFlawed data validation could lead to integer overflows, causing\nother invalid memory accesses, also with the potential for memory\ncorruption or arbitrary code execution.\n\nCVE-2007-6356\n\nCyclical EXIF image file directory (IFD) references could cause\na denial of service (infinite loop).\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 0.98-1.1+etch1.\n\nThe old stable distribution (sarge) cannot be fixed synchronously\nwith the Etch version due to a technical limitation in the Debian\narchive management scripts.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.01-0.1.\n\nWe recommend that you upgrade your exiftags package.\";\ntag_summary = \"The remote host is missing an update to exiftags\nannounced via advisory DSA 1533-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201533-1\";\n\n\nif(description)\n{\n script_id(60654);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-07 20:38:54 +0200 (Mon, 07 Apr 2008)\");\n script_cve_id(\"CVE-2007-6354\", \"CVE-2007-6355\", \"CVE-2007-6356\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1533-1 (exiftags)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"exiftags\", ver:\"0.98-1.1+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6355", "CVE-2007-6356", "CVE-2007-6354"], "description": "The remote host is missing an update to exiftags\nannounced via advisory DSA 1533-2.", "modified": "2017-07-07T00:00:00", "published": "2008-04-07T00:00:00", "id": "OPENVAS:60659", "href": "http://plugins.openvas.org/nasl.php?oid=60659", "type": "openvas", "title": "Debian Security Advisory DSA 1533-2 (exiftags)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1533_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1533-2 (exiftags)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Christian Schmid and Meder Kydyraliev (Google Security) discovered a\nnumber of vulnerabilities in exiftags, a utility for extracting EXIF\nmetadata from JPEG images. 
This update merely adds the packages for\nDebian 3.1 sarge (oldstable) which were missing in the previous DSA.\n\nThe Common Vulnerabilities and Exposures project identified the\nfollowing three problems:\n\nCVE-2007-6354\n\nInadequate EXIF property validation could lead to invalid memory\naccesses if executed on a maliciously crafted image, potentially\nincluding heap corruption and the execution of arbitrary code.\n\nCVE-2007-6355\n\nFlawed data validation could lead to integer overflows, causing\nother invalid memory accesses, also with the potential for memory\ncorruption or arbitrary code execution.\n\nCVE-2007-6356\n\nCyclical EXIF image file directory (IFD) references could cause\na denial of service (infinite loop).\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 0.98-1.1+etch1.\n\nFor the oldstable distribution (sarge), these problems have been fixed\nin version 0.98-1.1+0sarge1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.01-0.1.\";\ntag_summary = \"The remote host is missing an update to exiftags\nannounced via advisory DSA 1533-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201533-2\";\n\n\nif(description)\n{\n script_id(60659);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-07 20:38:54 +0200 (Mon, 07 Apr 2008)\");\n script_cve_id(\"CVE-2007-6354\", \"CVE-2007-6355\", \"CVE-2007-6356\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1533-2 (exiftags)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"exiftags\", ver:\"0.98-1.1+0sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"exiftags\", ver:\"0.98-1.1+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:20", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6355", "CVE-2007-6356", "CVE-2007-6354"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1533-1 security@debian.org\nhttp://www.debian.org/security/ Devin Carraway\nMarch 27, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : exiftags\nVulnerability : insufficient input sanitizing\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-6354 CVE-2007-6355 CVE-2007-6356\nDebian Bug : 457062\n\nChristian Schmid and Meder Kydyraliev (Google Security) discovered a\nnumber of vulnerabilities in exiftags, a utility for extracting EXIF\nmetadata from JPEG images. 
The Common Vulnerabilities and Exposures\nproject identified the following three problems:\n\nCVE-2007-6354\n\n Inadequate EXIF property validation could lead to invalid memory\n accesses if executed on a maliciously crafted image, potentially\n including heap corruption and the execution of arbitrary code.\n\nCVE-2007-6355\n \n Flawed data validation could lead to integer overflows, causing \n other invalid memory accesses, also with the potential for memory\n corruption or arbitrary code execution.\n\nCVE-2007-6356\n\n Cyclical EXIF image file directory (IFD) references could cause\n a denial of service (infinite loop).\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 0.98-1.1+etch1.\n\nThe old stable distribution (sarge) cannot be fixed synchronously\nwith the Etch version due to a technical limitation in the Debian\narchive management scripts.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.01-0.1.\n\nWe recommend that you upgrade your exiftags package.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1.dsc\n Size/MD5 checksum: 577 7b8743189acd9b4c0a7a25cabb5b753d\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1.diff.gz\n Size/MD5 checksum: 5128 2f82244bd73046f31b07e77a7381dd15\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98.orig.tar.gz\n Size/MD5 checksum: 50195 5a8a4057c4dac1d765da5f9ef4527bdf\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_alpha.deb\n Size/MD5 checksum: 62970 e481f4f8ce70b25a648a2d3678d48e07\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_amd64.deb\n Size/MD5 
checksum: 57924 a5a6906e8d05beeffc763379a9c45ba2\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_arm.deb\n Size/MD5 checksum: 56278 b06bf3f7722f034096719c7153fae5bd\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_i386.deb\n Size/MD5 checksum: 52558 ceed89333fd99a11d26765390ae35871\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_ia64.deb\n Size/MD5 checksum: 75164 ca893189af6fe68536774bac7dd357a1\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_mips.deb\n Size/MD5 checksum: 61010 a5415b5fb389903c20c431a245fcb3fb\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_mipsel.deb\n Size/MD5 checksum: 60064 2961a652e3cb269a0671fe2281b2f017\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_powerpc.deb\n Size/MD5 checksum: 54734 23a4389bb781e0a054c1687986ac1b1a\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_s390.deb\n Size/MD5 checksum: 58988 38bf328294b2afe633ef99a5b97f3f1e\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_sparc.deb\n Size/MD5 checksum: 56132 d2e1cd3190fe528527beaacc2ef6be3f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and 
http://packages.debian.org/<pkg>\n", "edition": 2, "modified": "2008-03-27T22:26:56", "published": "2008-03-27T22:26:56", "id": "DEBIAN:DSA-1533-1:5157E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00101.html", "title": "[SECURITY] [DSA 1533-1] New exiftags packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:47:24", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6355", "CVE-2007-6356", "CVE-2007-6354"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1533-2 security@debian.org\nhttp://www.debian.org/security/ Devin Carraway\nApril 01, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : exiftags\nVulnerability : insufficient input sanitizing\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-6354 CVE-2007-6355 CVE-2007-6356\nDebian Bug : 457062\n\nChristian Schmid and Meder Kydyraliev (Google Security) discovered a\nnumber of vulnerabilities in exiftags, a utility for extracting EXIF\nmetadata from JPEG images. 
This update merely adds the packages for\nDebian 3.1 sarge (oldstable) which were missing in the previous DSA.\n\nThe Common Vulnerabilities and Exposures project identified the\nfollowing three problems:\n\nCVE-2007-6354\n\n Inadequate EXIF property validation could lead to invalid memory\n accesses if executed on a maliciously crafted image, potentially\n including heap corruption and the execution of arbitrary code.\n\nCVE-2007-6355\n\n Flawed data validation could lead to integer overflows, causing\n other invalid memory accesses, also with the potential for memory\n corruption or arbitrary code execution.\n\nCVE-2007-6356\n\n Cyclical EXIF image file directory (IFD) references could cause\n a denial of service (infinite loop).\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 0.98-1.1+etch1.\n\nFor the oldstable distribution (sarge), these problems have been fixed\nin version 0.98-1.1+0sarge1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.01-0.1.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1.diff.gz\n Size/MD5 checksum: 5131 3baa30a42f531580a502a3f3818ead56\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98.orig.tar.gz\n Size/MD5 checksum: 50195 5a8a4057c4dac1d765da5f9ef4527bdf\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1.dsc\n Size/MD5 checksum: 873 
b85e0a4a382cac6a844af52e42c670bb\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_alpha.deb\n Size/MD5 checksum: 63406 d4b9ee67dcfb07ef1bc6ab143bd50496\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_amd64.deb\n Size/MD5 checksum: 56656 83688a1b3ec9c359a734f04bb985350d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_arm.deb\n Size/MD5 checksum: 56064 eb60a8336c020a588458bb07fb57c1bc\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_hppa.deb\n Size/MD5 checksum: 59824 be52ea467c6651b65a371895948005b4\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_i386.deb\n Size/MD5 checksum: 52514 1850fa2d6b54fe1029553605509ef7cf\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_ia64.deb\n Size/MD5 checksum: 76252 ce03fb64e959c8a2f24ad3744ca80fd5\n\nm68k architecture (Motorola Mc680x0)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_m68k.deb\n Size/MD5 checksum: 53120 8c98a08982680a42e1c6aab585faf487\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_mips.deb\n Size/MD5 checksum: 60736 14cbe8b15c5260b969961cf4107da991\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_mipsel.deb\n Size/MD5 checksum: 60040 3bdbbf546125a75c00800cb4039b25ab\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_powerpc.deb\n Size/MD5 checksum: 54812 8d33fe8cb068bf1f02ce0c4a8cd3c8d0\n\ns390 architecture (IBM S/390)\n\n 
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_s390.deb\n Size/MD5 checksum: 58208 9e7eeadcaefc2fe90aa11ece173348e2\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1.dsc\n Size/MD5 checksum: 577 7b8743189acd9b4c0a7a25cabb5b753d\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1.diff.gz\n Size/MD5 checksum: 5128 2f82244bd73046f31b07e77a7381dd15\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98.orig.tar.gz\n Size/MD5 checksum: 50195 5a8a4057c4dac1d765da5f9ef4527bdf\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_alpha.deb\n Size/MD5 checksum: 62970 e481f4f8ce70b25a648a2d3678d48e07\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_amd64.deb\n Size/MD5 checksum: 57924 a5a6906e8d05beeffc763379a9c45ba2\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_arm.deb\n Size/MD5 checksum: 56278 b06bf3f7722f034096719c7153fae5bd\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_i386.deb\n Size/MD5 checksum: 52558 ceed89333fd99a11d26765390ae35871\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_ia64.deb\n Size/MD5 checksum: 75164 ca893189af6fe68536774bac7dd357a1\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_mips.deb\n Size/MD5 checksum: 61010 a5415b5fb389903c20c431a245fcb3fb\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_mipsel.deb\n Size/MD5 checksum: 60064 
2961a652e3cb269a0671fe2281b2f017\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_powerpc.deb\n Size/MD5 checksum: 54734 23a4389bb781e0a054c1687986ac1b1a\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_s390.deb\n Size/MD5 checksum: 58988 38bf328294b2afe633ef99a5b97f3f1e\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_sparc.deb\n Size/MD5 checksum: 56132 d2e1cd3190fe528527beaacc2ef6be3f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 6, "modified": "2008-04-01T07:54:44", "published": "2008-04-01T07:54:44", "id": "DEBIAN:DSA-1533-2:0BE17", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00106.html", "title": "[SECURITY] [DSA 1533-2] New exiftags packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T10:52:17", "description": "The remote host is affected by the vulnerability described in GLSA-200712-17\n(exiftags: Multiple vulnerabilities)\n\n Meder Kydyraliev (Google Security) discovered that Exif metadata is not\n properly sanitized before being processed, resulting in illegal memory\n access in the postprop() and other functions (CVE-2007-6354). 
He also\n discovered integer overflow vulnerabilities in the parsetag() and other\n functions (CVE-2007-6355) and an infinite recursion in the readifds()\n function caused by recursive IFD references (CVE-2007-6356).\n \nImpact :\n\n An attacker could entice the user of an application making use of\n exiftags or an application included in exiftags to load an image file\n with specially crafted Exif tags, possibly resulting in the execution\n of arbitrary code with the privileges of the user running the\n application or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2007-12-31T00:00:00", "title": "GLSA-200712-17 : exiftags: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6355", "CVE-2007-6356", "CVE-2007-6354"], "modified": "2007-12-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:exiftags", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200712-17.NASL", "href": "https://www.tenable.com/plugins/nessus/29814", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200712-17.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29814);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-6354\", \"CVE-2007-6355\", \"CVE-2007-6356\");\n script_xref(name:\"GLSA\", value:\"200712-17\");\n\n script_name(english:\"GLSA-200712-17 : exiftags: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200712-17\n(exiftags: Multiple vulnerabilities)\n\n Meder Kydyraliev (Google Security) discovered that Exif metadata is not\n properly sanitized before being processed, resulting in illegal memory\n access in the postprop() and other functions (CVE-2007-6354). 
He also\n discovered integer overflow vulnerabilities in the parsetag() and other\n functions (CVE-2007-6355) and an infinite recursion in the readifds()\n function caused by recursive IFD references (CVE-2007-6356).\n \nImpact :\n\n An attacker could entice the user of an application making use of\n exiftags or an application included in exiftags to load an image file\n with specially crafted Exif tags, possibly resulting in the execution\n of arbitrary code with the privileges of the user running the\n application or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200712-17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All exiftags users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/exiftags-1.01'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:exiftags\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/exiftags\", unaffected:make_list(\"ge 1.01\"), vulnerable:make_list(\"lt 1.01\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"exiftags\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:44:59", "description": "Christian Schmid and Meder Kydyraliev (Google Security) discovered a\nnumber of vulnerabilities in exiftags, a utility for extracting EXIF\nmetadata from JPEG images. The Common Vulnerabilities and Exposures\nproject identified the following three problems :\n\n - CVE-2007-6354\n Inadequate EXIF property validation could lead to\n invalid memory accesses if executed on a maliciously\n crafted image, potentially including heap corruption and\n the execution of arbitrary code.\n\n - CVE-2007-6355\n Flawed data validation could lead to integer overflows,\n causing other invalid memory accesses, also with the\n potential for memory corruption or arbitrary code\n execution.\n\n - CVE-2007-6356\n Cyclical EXIF image file directory (IFD) references\n could cause a denial of service (infinite loop).", "edition": 27, "published": "2008-03-31T00:00:00", "title": "Debian DSA-1533-2 : exiftags - insufficient input sanitizing", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6355", "CVE-2007-6356", "CVE-2007-6354"], "modified": "2008-03-31T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:exiftags"], "id": "DEBIAN_DSA-1533.NASL", "href": 
"https://www.tenable.com/plugins/nessus/31710", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1533. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31710);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6354\", \"CVE-2007-6355\", \"CVE-2007-6356\");\n script_xref(name:\"DSA\", value:\"1533\");\n\n script_name(english:\"Debian DSA-1533-2 : exiftags - insufficient input sanitizing\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Christian Schmid and Meder Kydyraliev (Google Security) discovered a\nnumber of vulnerabilities in exiftags, a utility for extracting EXIF\nmetadata from JPEG images. 
The Common Vulnerabilities and Exposures\nproject identified the following three problems :\n\n - CVE-2007-6354\n Inadequate EXIF property validation could lead to\n invalid memory accesses if executed on a maliciously\n crafted image, potentially including heap corruption and\n the execution of arbitrary code.\n\n - CVE-2007-6355\n Flawed data validation could lead to integer overflows,\n causing other invalid memory accesses, also with the\n potential for memory corruption or arbitrary code\n execution.\n\n - CVE-2007-6356\n Cyclical EXIF image file directory (IFD) references\n could cause a denial of service (infinite loop).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1533\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the oldstable distribution (sarge), these problems have been fixed\nin version 0.98-1.1+0sarge1.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 0.98-1.1+etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:exiftags\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"exiftags\", reference:\"0.98-1.1+0sarge1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"exiftags\", reference:\"0.98-1.1+etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "cvelist": ["CVE-2007-6352", "CVE-2007-6353", "CVE-2007-6351", "CVE-2007-6355", "CVE-2007-6356", "CVE-2007-6354"], "description": "Multiple DoS conditions, integer overflows, buffer overflows on parsing JPEG/TIFF/RIFF EXIF data.", "edition": 1, "modified": "2007-12-29T00:00:00", "published": "2007-12-29T00:00:00", "id": "SECURITYVULNS:VULN:8510", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8510", "title": "Multiple security vulnerabilities in different Exif libraries (libexif, exiv2, exiftags)", "type": "securityvulns", "cvss": {"score": 10.0, 
"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}