ID CVE-2006-4168
Summary Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:libexif:libexif:0.6.9
    cpe:2.3:a:libexif:libexif:0.6.9
  • cpe:2.3:a:libexif:libexif:0.6.11
    cpe:2.3:a:libexif:libexif:0.6.11
  • cpe:2.3:a:libexif:libexif:0.6.12
    cpe:2.3:a:libexif:libexif:0.6.12
  • cpe:2.3:a:libexif:libexif:0.6.13
    cpe:2.3:a:libexif:libexif:0.6.13
  • cpe:2.3:a:libexif:libexif:0.6.14
    cpe:2.3:a:libexif:libexif:0.6.14
  • cpe:2.3:a:libexif:libexif:0.6.15
    cpe:2.3:a:libexif:libexif:0.6.15
CVSS
Base: 6.8 (as of 15-06-2007 - 12:41)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-0414.NASL
    description The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27666
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27666
    title Fedora 7 : libexif-0.6.15-2.fc7 (2007-0414)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070614_LIBEXIF_ON_SL5_X__SL4_X.NASL
    description An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60210
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60210
    title Scientific Linux Security Update : libexif on SL5.x, SL4.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200706-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-200706-09 (libexif: Buffer overflow) iDefense Labs have discovered that the exif_data_load_data_entry() function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an integer overflow possibly leading to a heap-based buffer overflow. Impact : An attacker could entice a user of an application making use of a vulnerable version of libexif to load a specially crafted image file, possibly resulting in a crash of the application or the execution of arbitrary code with the rights of the user running the application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25594
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25594
    title GLSA-200706-09 : libexif: Buffer overflow
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-164-01.NASL
    description New libexif packages are available for Slackware 10.2, 11.0, and -current to fix a crash and potential security issue.
    last seen 2018-09-01
    modified 2013-06-01
    plugin id 25771
    published 2007-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25771
    title Slackware 10.2 / 11.0 / current : libexif (SSA:2007-164-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-605.NASL
    description The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 25589
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25589
    title Fedora Core 5 : libexif-0.6.12-5 (2007-605)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-478-1.NASL
    description Sean Larsson discovered that libexif did not correctly verify the size of EXIF components. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28079
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28079
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : libexif vulnerability (USN-478-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0501.NASL
    description Updated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25528
    published 2007-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25528
    title CentOS 4 / 5 : libexif (CESA-2007:0501)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0501.NASL
    description From Red Hat Security Advisory 2007:0501 : Updated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67524
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67524
    title Oracle Linux 4 / 5 : libexif (ELSA-2007-0501)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-614.NASL
    description The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 25619
    published 2007-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25619
    title Fedora Core 6 : libexif-0.6.15-2.fc6 (2007-614)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-128.NASL
    description Another integer overflow was found in the way libexif parses EXIF image tags. An individual who opened a carefully-crafted EXIF image file could cause the application linked against libexif to crash or possibly execute arbitrary code. Updated packages have been patched to prevent this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25563
    published 2007-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25563
    title Mandrake Linux Security Advisory : libexif (MDKSA-2007:128)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-4608.NASL
    description This update fixes two recently discovered vulnerabilities in libexif, CVE-2007-6351 and CVE-2007-6352. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 29762
    published 2007-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29762
    title Fedora 7 : libexif-0.6.15-3.fc7 (2007-4608)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0501.NASL
    description Updated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25540
    published 2007-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25540
    title RHEL 4 / 5 : libexif (RHSA-2007:0501)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1310.NASL
    description A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25532
    published 2007-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25532
    title Debian DSA-1310-1 : libexif - integer overflow
oval via4
accepted 2013-04-29T04:18:54.906-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:9349
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.
version 24
redhat via4
advisories
bugzilla
id 243888
title CVE-2006-4168 libexif integer overflow
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment libexif is earlier than 0:0.5.12-5.1.0.2
          oval oval:com.redhat.rhsa:tst:20070501002
        • comment libexif is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070501003
      • AND
        • comment libexif-devel is earlier than 0:0.5.12-5.1.0.2
          oval oval:com.redhat.rhsa:tst:20070501004
        • comment libexif-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070501005
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment libexif is earlier than 0:0.6.13-4.0.2.el5
          oval oval:com.redhat.rhsa:tst:20070501007
        • comment libexif is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070501008
      • AND
        • comment libexif-devel is earlier than 0:0.6.13-4.0.2.el5
          oval oval:com.redhat.rhsa:tst:20070501009
        • comment libexif-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070501010
rhsa
id RHSA-2007:0501
released 2007-06-14
severity Moderate
title RHSA-2007:0501: libexif integer overflow (Moderate)
rpms
  • libexif-0:0.5.12-5.1.0.2
  • libexif-devel-0:0.5.12-5.1.0.2
  • libexif-0:0.6.13-4.0.2.el5
  • libexif-devel-0:0.6.13-4.0.2.el5
refmap via4
bid 24461
bugtraq 20070622 FLEA-2007-0028-1: libexif
confirm
debian DSA-1310
gentoo GLSA-200706-09
idefense 20070613 Multiple Vendor libexif Integer Overflow Heap Corruption Vulnerability
mandriva MDKSA-2007:128
osvdb 35379
sectrack 1018240
secunia
  • 25642
  • 25645
  • 25674
  • 25717
  • 25746
  • 25768
  • 25820
  • 25842
  • 25932
  • 26083
suse
  • SUSE-SA:2007:039
  • SUSE-SR:2007:014
ubuntu USN-478-1
vupen ADV-2007-2165
xf multiple-libexif-exifdataloaddataentry-bo(34851)
Last major update 30-10-2012 - 22:15
Published 14-06-2007 - 15:30
Last modified 17-10-2018 - 17:33
Back to Top