Ubuntu
exiftags package

[exiftags] [CVE-2007-6354, CVE-2007-6355, CVE-2007-6356] insufficient input sanitizing

Bug #210159 reported by disabled.user on 2008-04-01

254

Affects		Status	Importance	Assigned to	Milestone
	exiftags (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: exiftags

References:
DSA-1533-1 (http://www.debian.org/security/2008/dsa-1533)

Quoting:
"Christian Schmid and Meder Kydyraliev (Google Security) discovered a
number of vulnerabilities in exiftags, a utility for extracting EXIF
metadata from JPEG images. The Common Vulnerabilities and Exposures
project identified the following three problems:

CVE-2007-6354

    Inadequate EXIF property validation could lead to invalid memory
    accesses if executed on a maliciously crafted image, potentially
    including heap corruption and the execution of arbitrary code.

CVE-2007-6355

    Flawed data validation could lead to integer overflows, causing
    other invalid memory accesses, also with the potential for memory
    corruption or arbitrary code execution.

CVE-2007-6356

Cyclical EXIF image file directory (IFD) references could cause
a denial of service (infinite loop)."

CVE References

Daniel T Chen (crimsun) on 2008-12-07

Changed in exiftags:
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuexiftags package