Ubuntu Security Notice 654-1 - Meder Kydyraliev discovered that libexif did not correctly handle certain EXIF headers. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexif to crash, leading to a denial of service, or possibly executing arbitrary code with user privileges.
2b8202fc3e307569a8e29aa091805b73ee5445f095ac175f6ef8aa4cca2bd4a9Debian Security Advisory 1487-1 - Several vulnerabilities have been discovered in the EXIF parsing code of the libexif library, which can lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed image.
b6cfa3c1a8b083b26a1f2671fec90976a2c45b5f6e05d7e8e597dc8a1512e255Mandriva Linux Security Advisory - An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash. An integer overflow flaw was also found in how libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash or execute arbitrary code with the privileges of the user executing the application.
b1cfa21a1dd7d661e0e7395096694506978e39fc9bbefc89dbf8281724b6e22fGentoo Linux Security Advisory GLSA 200712-15 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail() function leading to a memory corruption (CVE-2007-6352) and an infinite recursion in the exif_loader_write() function (CVE-2007-6351). Versions less than 0.6.16-r1 are affected.
548c9365116cd57441912256c386abd5de38d4e909eeeb81d347df3bf442698a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed