Lucene search

K
ubuntuUbuntuUSN-655-1
HistoryOct 15, 2008 - 12:00 a.m.

exiv2 vulnerabilities

2008-10-1500:00:00
ubuntu.com
31

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.1%

Releases

  • Ubuntu 8.04
  • Ubuntu 7.10
  • Ubuntu 7.04

Packages

  • exiv2 -

Details

Meder Kydyraliev discovered that exiv2 did not correctly handle certain
EXIF headers. If a user or automated system were tricked into processing
a specially crafted image, a remote attacker could cause the application
linked against libexiv2 to crash, leading to a denial of service, or
possibly executing arbitrary code with user privileges. (CVE-2007-6353)

Joakim Bildrulle discovered that exiv2 did not correctly handle Nikon
lens EXIF information. If a user or automated system were tricked into
processing a specially crafted image, a remote attacker could cause the
application linked against libexiv2 to crash, leading to a denial of
service. (CVE-2008-2696)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchlibexiv2-2< 0.16-3ubuntu1.1UNKNOWN
Ubuntu8.04noarchexiv2< 0.16-3ubuntu1.1UNKNOWN
Ubuntu8.04noarchlibexiv2-dev< 0.16-3ubuntu1.1UNKNOWN
Ubuntu7.10noarchlibexiv2-0< 0.15-1ubuntu2.1UNKNOWN
Ubuntu7.10noarchexiv2< 0.15-1ubuntu2.1UNKNOWN
Ubuntu7.10noarchlibexiv2-dev< 0.15-1ubuntu2.1UNKNOWN
Ubuntu7.04noarchlibexiv2-0.12< 0.12-0ubuntu2.1UNKNOWN
Ubuntu7.04noarchexiv2< 0.12-0ubuntu2.1UNKNOWN
Ubuntu7.04noarchlibexiv2-dev< 0.12-0ubuntu2.1UNKNOWN

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.1%