Ubuntu Security Notice 478-1 - Sean Larsson discovered that libexif did not correctly verify the size of EXIF components. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to execute arbitrary code with user privileges.
b743d41bc125e30e6d81088f373eb1a64c75a1b7e57fa959a67a6e595852bedf
Gentoo Linux Security Advisory GLSA 200706-09 - iDefense Labs have discovered that the exif_data_load_data_entry() function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an integer overflow possibly leading to a heap-based buffer overflow. Versions less than 0.6.16 are affected.
2e6c0523c87966884d2f266f637a9e2d7c03774b61e5161b833fea5a62b27710
Debian Security Advisory 1310-1 - A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.
967623ddb81a7982e09c9a0c4fed2f8f1ce6412d50236b450aacc4657b41fd37
iDefense Security Advisory 06.13.07 - Remote exploitation of a integer overflow vulnerability in libexif, as included in various vendors' operating system distributions, could allow attackers to crash the process or execute arbitrary code. The problem exists while parsing a tagged image with a large number of Exif components. Applications using this library are susceptible to a heap overflow when an integer overflow is triggered in the exif_data_load_data_entry function. iDefense confirmed the existence of this vulnerability in versions 0.6.13 through 0.6.15 of libexif.
1bcc90101ec9fadb6112f82dea431a7c3852d675c609a10ac528b1524cda77a3