Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora Core 6: FEDORA-2007-614 Moderate: Libexif Integer Overflow

fedora
Calendar Grey June 29, 2007
Dist Fedora Esm H88
Important patch for libexif in Fedora Core 6 fixes integer wraparound flaw. Update advised for enhanced protection.
The libexif package contains the EXIF library

Summary

Most digital cameras produce EXIF files, which are JPEG files with

extra tags that contain information about the image. The EXIF library

allows you to parse an EXIF file and read the data from those tags.

The libexif package contains the EXIF library. Applications

use this library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses

EXIF image tags. If a victim opens a carefully crafted EXIF

image file it could cause the application linked against

libexif to execute arbitrary code or crash. (CVE-2007-4168)

Users of libexif should upgrade to these updated packages,

which contain a backported patch and are not vulnerable to

this issue.

- Add patch for CVE-2007-4168. Fix bug #243892

0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9 SRPMS/libexif-0.6.15-2.fc6.src.rpm

0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9 noarch/libexif-0.6.15-2.fc6.src.rpm

f715aefa9558f7b827606e98c5d88bf919d9e5ff ppc/debug/libexif-debuginfo-0.6.15-2.fc6.ppc.rpm

c9a85c20b950a5c8f829280f05281d3657dd2aa9 ppc/libexif-0.6.15-2.fc6.ppc.rpm

90ed3965fdd563b74bd8e5f2d4af01b12e58b0e6 ppc/libexif-devel-0.6.15-2.fc6.ppc.rpm

f86b69b898a3824c1dcbadb14933d2866c310473 x86_64/debug/libexif-debuginfo-0.6.15-2.fc6.x86_64.rpm

ad3fd34dad258162c4bc9aa65020790af273b1a5 x86_64/libexif-devel-0.6.15-2.fc6.x86_64.rpm

9a3b3e18968081440411426a9139d5ca39ad196e x86_64/libexif-0.6.15-2.fc6.x86_64.rpm

4e10c52ad5dc5eca65d7d57bc9b86aba61b3b276 i386/libexif-0.6.15-2.fc6.i386.rpm

99ecbcfcdaeea08641c0a61b6d6c72c66530f214 i386/libexif-devel-0.6.15-2.fc6.i386.rpm

e583ddd0572027f1421a0d9ad1694d3769b1394e i386/debug/libexif-debuginfo-0.6.15-2.fc6.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory moderate update Fedora Core integer overflow libexif

Change Log

References

Update Instructions

Name: libexif
Version: 0.6.15
Release: 2.fc6
Summary: Library for extracting extra information from image files

Topics%20covered

Topics Covered

security advisory moderate update Fedora Core integer overflow libexif

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here