Multiple security vulnerabilities in different Exif libraries (libexif, exiv2, exiftags)
Published:		29.12.2007
Source:		FULL-DISCLOSURE
SecurityVulns ID:		8510
Type:		library
Level:		6/10
Description:		Multiple DoS conditions, integer overflows, buffer overflows on parsing JPEG/TIFF/RIFF EXIF data.

Affected:		LIBEXIF : libexif 0.6
		EXIFTAGS : exiftags 1.0
		EXIV2 : exiv2 0.13
CVE:		CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.)
		CVE-2007-6355 (Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6354.)
		CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6355.)
		CVE-2007-6353 (Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.)
		CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags.)
		CVE-2007-6351 (libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags.)

Original document

GENTOO, [Full-disclosure] [ GLSA 200712-15 ] libexif: Multiple vulnerabilities (29.12.2007)

Discuss:

Read or add your comments to this news (0 comments)