CVE Vulnerabilities

CVE-2007-2645

Published: May 14, 2007 | Modified: Oct 16, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 9.3 HIGH (AV:N/AC:M/Au:N/C:C/I:C/A:C)
RedHat/V2
RedHat/V3
Ubuntu: UNTRIAGED

Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libexif | Libexif | 0.5 (including) | 0.5 (including) |
| Libexif | Libexif | 0.5.12 (including) | 0.5.12 (including) |
| Libexif | Libexif | 0.6.9 (including) | 0.6.9 (including) |
| Libexif | Libexif | 0.6.11 (including) | 0.6.11 (including) |
| Libexif | Libexif | 0.6.12 (including) | 0.6.12 (including) |
| Libexif | Libexif | 0.6.13 (including) | 0.6.13 (including) |
| Libexif | Ubuntu | dapper | * |
| Libexif | Ubuntu | devel | * |
| Libexif | Ubuntu | edgy | * |
| Libexif | Ubuntu | feisty | * |

References