Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libexif | Libexif | 0.6.9 | 0.6.9 |
Libexif | Libexif | 0.6.11 | 0.6.11 |
Libexif | Libexif | 0.5.12 | 0.5.12 |
Libexif | Libexif | 0.6.12 | 0.6.12 |
Libexif | Libexif | 0.5 | 0.5 |
Libexif | Libexif | 0.6.13 | 0.6.13 |