[libexif] [CVE-2007-6351] [CVE-2007-6352] possibility of DoS or arbitrary code execution

Bug #181713 reported by disabled.user
Affects: libexif (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Kees Cook
Milestone: (none)

Bug Description

References:
MDVSA-2008:005 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:005)

Quoting:
"An infinite recursion flaw was found in the way that libexif parses
Exif image tags. A carefully crafted Exif image file opened by an
application linked against libexif could cause the application to crash
(CVE-2007-6351).

An integer overflow flaw was also found in how libexif parses
Exif image tags. A carefully crafted Exif image file opened by
an application linked against libexif could cause the application
to crash or execute arbitrary code with the privileges of the user
executing the application (CVE-2007-6352)."

disabled.user (disabled.user-deactivatedaccount) wrote :

This has also been fixed for Debian:
DSA-1487-1 (http://www.debian.org/security/2008/dsa-1487)

disabled.user (disabled.user-deactivatedaccount) wrote :

DSA-1487-1 also mentions CVE-2007-2645, which already got fixed with USN-471-1.

Kees Cook (kees) wrote :

This problem has been addressed with the following USN:

http://www.ubuntu.com/usn/usn-654-1

Please feel free to report future bugs.

Changed in libexif:
assignee: nobody → kees
importance: Undecided → Medium
status: New → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
