EXIF library vulnerability

ID USN-91-1
Type ubuntu
Reporter Ubuntu
Modified 2005-03-08T00:00:00


Sylvain Defresne discovered that the EXIF library did not properly validate the structure of the EXIF tags. By tricking a user to load an image with a malicious EXIF tag, an attacker could exploit this to crash the process using the library, or even execute arbitrary code with the privileges of the process.