Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora Core 6: 2007-549 Urgent: Libexif Buffer Overflow Vulnerability

fedora
Calendar Grey June 11, 2007
Dist Fedora Esm H88
Arithmetic overflow in libexif might enable remote exploitation through manipulated EXIF information, potentially resulting in system crash or arbitrary code execution.
This update to the latest upstream release fixes a number of bugs, among them a possible integer overflow in the exif_data_load_data_entry function (CVE-2007-2645), which allows...

Summary

Most digital cameras produce EXIF files, which are JPEG files with

extra tags that contain information about the image. The EXIF library

allows you to parse an EXIF file and read the data from those tags.

This update to the latest upstream release fixes a number of

bugs, among them a possible integer overflow in the

exif_data_load_data_entry function (CVE-2007-2645), which

allows user-assisted remote attackers to cause a denial of

service (crash) or possibly execute arbitrary code via

crafted EXIF data.

- Update to 0.6.15

- Drop obsolete patch

* Thu May 24 2007 Matthias Clasen - 0.6.13-4

- Add patch for CVE-2007-2645.

* Sun Feb 4 2007 Matthias Clasen - 0.6.13-3

- Package review cleanups

- Avoid multilib conflicts by using pregenerated docs

a72ed5f5da3870cad1911c3aeaf7da70c9617178 SRPMS/libexif-0.6.15-1.fc6.src.rpm

a72ed5f5da3870cad1911c3aeaf7da70c9617178 noarch/libexif-0.6.15-1.fc6.src.rpm

9e0bc0e5d27ad0146d3d8378b4cdda784f38cbeb ppc/libexif-devel-0.6.15-1.fc6.ppc.rpm

f15e10ca2f053e94603e603ad641be5389696d23 ppc/libexif-0.6.15-1.fc6.ppc.rpm

d7e02d9235bf50cb0c18d04f353927b01b27d2d3 ppc/debug/libexif-debuginfo-0.6.15-1.fc6.ppc.rpm

cce426e4e62fe173799581698f7f3e756b251cf5 x86_64/debug/libexif-debuginfo-0.6.15-1.fc6.x86_64.rpm

c03bea0a6b7e8f253a6876e063c2b15e288898f6 x86_64/libexif-0.6.15-1.fc6.x86_64.rpm

84c6c79200b570287620ea3d36d3f29a07cfe075 x86_64/libexif-devel-0.6.15-1.fc6.x86_64.rpm

b6fe4592d0c5a840cedbb8f6009ceb69ba07b2c7 i386/libexif-devel-0.6.15-1.fc6.i386.rpm

253a835d978fb06bdde8e49472313a99e3aa3df3 i386/libexif-0.6.15-1.fc6.i386.rpm

8b2d63cc52c6ebd1d2ff751f6fdcb4eb086420ed i386/debug/libexif-debuginfo-0.6.15-1.fc6.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory denial of service remote exploit integer overflow libexif

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Name: libexif
Version: 0.6.15
Release: 1.fc6
Summary: Library for extracting extra information from image files

Topics%20covered

Topics Covered

security advisory denial of service remote exploit integer overflow libexif

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here