[libexiv2] [CVE-2007-6353] possibility of arbitrary code execution
Bug #181714 reported by
disabled.user
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| exiv2 (Debian) |
Fix Released
|
Unknown
|
|||
| exiv2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Dapper |
Won't Fix
|
Medium
|
Unassigned | ||
| Feisty |
Fix Released
|
Medium
|
Kees Cook | ||
| Gutsy |
Fix Released
|
Medium
|
Kees Cook | ||
Bug Description
Binary package hint: libexiv2-0
References:
SUSE-SR:2008:001
Quoting:
"Meder Kydyraliev of Google found out that specially crafted
files could trigger an integer overflow in the libexiv2 library,
potentially causing code execution (CVE-2007-6353)."
CVE References
| Changed in exiv2: | |
| status: | Unknown → Fix Released |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in exiv2: | |
| status: | New → Fix Released |
Revision history for this message
| Kees Cook (kees) wrote | #2 |
| Changed in exiv2: | |
| importance: | Undecided → Low |
| status: | New → Confirmed |
| assignee: | nobody → kees |
| importance: | Undecided → Medium |
| status: | New → Fix Released |
| assignee: | nobody → kees |
| importance: | Undecided → Medium |
| status: | New → Fix Released |
| importance: | Low → Medium |
| status: | Confirmed → Triaged |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #3 |
| Changed in exiv2 (Ubuntu Dapper): | |
| status: | Triaged → Won't Fix |
To post a comment you must log in.
Fixed in 0.16, hardy has 0.16-3ubuntu1