Computer Security


Multiple security vulnerabilities in different Exif libraries (libexif, exiv2, exiftags)
Published: 29.12.2007
Source:
SecurityVulns ID: 8510
Type: library
Threat Level: 6/10
Description: Multiple DoS conditions, integer overflows, buffer overflows on parsing JPEG/TIFF/RIFF EXIF data.
Affected: LIBEXIF: libexif 0.6
 EXIFTAGS: exiftags 1.0
 EXIV2: exiv2 0.13
CVE: CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.)
 CVE-2007-6355 (Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6354.)
 CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6355.)
 CVE-2007-6353 (Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.)
 CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags.)
 CVE-2007-6351 (libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags.)
Original document: GENTOO, [Full-disclosure] [ GLSA 200712-15 ] libexif: Multiple vulnerabilities (29.12.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod