CVE-2007-2645 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-2645
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2645

Description: Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/34233 UBUNTU http://www.ubuntu.com/usn/usn-471-1 SUSE http://www.novell.com/linux/security/advisories/2007_39_libexif.html http://www.novell.com/linux/security/advisories/2007_14_sr.html SAID Secunia Advisory: SA25599 Secunia Advisory: SA25569 Secunia Advisory: SA25540 Secunia Advisory: SA25235 Secunia Advisory: SA25621 Secunia Advisory: SA25932 Secunia Advisory: SA26083 Secunia Advisory: SA28776 MISC http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:118 GENTOO http://security.gentoo.org/glsa/glsa-200706-01.xml DEBIAN http://www.debian.org/security/2008/dsa-1487 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=507447 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/470502/100/100/threaded BID 23927

Return to the previous page.