[libexif] [CVE-2007-6351] [CVE-2007-6352] possibility of DoS or arbitrary code execution

Bug #181713 reported by disabled.user on 2008-01-10
254
Affects Status Importance Assigned to Milestone
libexif (Ubuntu)
Medium
Kees Cook

Bug Description

References:
MDVSA-2008:005 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:005)

Quoting:
"An infinite recursion flaw was found in the way that libexif parses
Exif image tags. A carefully crafted Exif image file opened by an
application linked against libexif could cause the application to crash
(CVE-2007-6351).

An integer overflow flaw was also found in how libexif parses
Exif image tags. A carefully crafted Exif image file opened by
an application linked against libexif could cause the application
to crash or execute arbitrary code with the privileges of the user
executing the application (CVE-2007-6352)."

CVE References

This has also been fixed for Debian:
DSA-1487-1 (http://www.debian.org/security/2008/dsa-1487)

DSA-1487-1 also mentions CVE-2007-2645, which already got fixed with USN-471-1.

Kees Cook (kees) wrote :

This problem has been addressed with the following USN:

http://www.ubuntu.com/usn/usn-654-1

Please feel free to report future bugs.

Changed in libexif:
assignee: nobody → kees
importance: Undecided → Medium
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers