Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libexif | Libexif | 0.6.9 (including) | 0.6.9 (including) |
Libexif | Libexif | 0.6.11 (including) | 0.6.11 (including) |
Libexif | Libexif | 0.6.12 (including) | 0.6.12 (including) |
Libexif | Libexif | 0.6.13 (including) | 0.6.13 (including) |
Libexif | Libexif | 0.6.14 (including) | 0.6.14 (including) |
Libexif | Libexif | 0.6.15 (including) | 0.6.15 (including) |