GoogleOSV:DSA-1487-1libexif - several vulnerabilities
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.411 Medium
EPSS
Percentile
96.8%
Several vulnerabilities have been discovered in the EXIF parsing code
of the libexif library, which can lead to denial of service or the
execution of arbitrary code if a user is tricked into opening a
malformed image. The Common Vulnerabilities and Exposures project identifies
the following problems:
- CVE-2007-2645
Victor Stinner discovered an integer overflow, which may result in
denial of service or potentially the execution of arbitrary code. - CVE-2007-6351
Meder Kydyraliev discovered an infinite loop, which may result in
denial of service. - CVE-2007-6352
Victor Stinner discovered an integer overflow, which may result
in denial of service or potentially the execution of arbitrary
code.
This update also fixes two potential NULL pointer deferences.
For the old stable distribution (sarge), these problems have been
fixed in 0.6.9-6sarge2.
For the stable distribution (etch), these problems have been fixed in
version 0.6.13-5etch2.
We recommend that you upgrade your libexif packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libexif | eq | 0.6.13-5 | |
| libexif | eq | 0.6.13-5etch1 |
References
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.411 Medium
EPSS
Percentile
96.8%