[exiftags] [CVE-2007-6354, CVE-2007-6355, CVE-2007-6356] insufficient input sanitizing
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
exiftags (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: exiftags
References:
DSA-1533-1 (http://
Quoting:
"Christian Schmid and Meder Kydyraliev (Google Security) discovered a
number of vulnerabilities in exiftags, a utility for extracting EXIF
metadata from JPEG images. The Common Vulnerabilities and Exposures
project identified the following three problems:
CVE-2007-6354
Inadequate EXIF property validation could lead to invalid memory
accesses if executed on a maliciously crafted image, potentially
including heap corruption and the execution of arbitrary code.
CVE-2007-6355
Flawed data validation could lead to integer overflows, causing
other invalid memory accesses, also with the potential for memory
corruption or arbitrary code execution.
CVE-2007-6356
Cyclical EXIF image file directory (IFD) references could cause
a denial of service (infinite loop)."
Changed in exiftags: | |
status: | New → Fix Released |