ID CVE-2007-2645
Summary Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
References
Vulnerable Configurations
  • cpe:2.3:a:libexif:libexif:0.5
  • cpe:2.3:a:libexif:libexif:0.5.12
  • cpe:2.3:a:libexif:libexif:0.6.9
  • cpe:2.3:a:libexif:libexif:0.6.11
  • cpe:2.3:a:libexif:libexif:0.6.12
  • cpe:2.3:a:libexif:libexif:0.6.13
CVSS
Base: 9.3 (as of 16-05-2007 - 13:42)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
exploit-db via4
description LibEXIF 0.6.x Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability. CVE-2007-2645. DoS exploit for Linux platform
id EDB-ID:30024
last seen 2016-02-03
modified 2007-05-11
published 2007-05-11
reporter Victor Stinner
source https://www.exploit-db.com/download/30024/
title LibEXIF 0.6.x - Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBEXIF5-3704.NASL
    description A denial of service problem (crash) was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. (CVE-2007-2645)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27319
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27319
    title openSUSE 10 Security Update : libexif5 (libexif5-3704)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBEXIF5-3724.NASL
    description A denial of service problem (crash) was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. (CVE-2007-2645)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27320
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27320
    title openSUSE 10 Security Update : libexif5 (libexif5-3724)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1487.NASL
    description Several vulnerabilities have been discovered in the EXIF parsing code of the libexif library, which can lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed image. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2007-2645 Victor Stinner discovered an integer overflow, which may result in denial of service or potentially the execution of arbitrary code.
      - CVE-2007-6351 Meder Kydyraliev discovered an infinite loop, which may result in denial of service.
      - CVE-2007-6352 Victor Stinner discovered an integer overflow, which may result in denial of service or potentially the execution of arbitrary code.
      This update also fixes two potential NULL pointer dereferences.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 30226
    published 2008-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30226
    title Debian DSA-1487-1 : libexif - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBEXIF-3718.NASL
    description A denial of service problem (crash) was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. (CVE-2007-2645)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27318
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27318
    title openSUSE 10 Security Update : libexif (libexif-3718)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11555.NASL
    description A denial of service problem (crash) was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. (CVE-2007-2645)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41136
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41136
    title SuSE9 Security Update : libexif (YOU Patch Number 11555)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-471-1.NASL
    description Victor Stinner discovered that libexif did not correctly validate the size of some EXIF header fields. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28072
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28072
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : libexif vulnerability (USN-471-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBEXIF-3721.NASL
    description A denial of service problem (crash) was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. (CVE-2007-2645)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29499
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29499
    title SuSE 10 Security Update : libexif (ZYPP Patch Number 3721)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-0003.NASL
    description This update to the latest upstream release fixes a number of bugs, among them a possible integer overflow in the exif_data_load_data_entry function (CVE-2007-2645), which allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 62265
    published 2012-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62265
    title Fedora 7 : libexif-0.6.15-1.fc7 (2007-0003)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200706-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200706-01 (libexif: Integer overflow vulnerability). Victor Stinner reported an integer overflow in the exif_data_load_data_entry() function from file exif-data.c while handling Exif data. Impact: An attacker could entice a user to process a file with specially crafted Exif extensions with an application making use of libexif, which will trigger the integer overflow and potentially execute arbitrary code or crash the application. Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25438
    published 2007-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25438
    title GLSA-200706-01 : libexif: Integer overflow vulnerability
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBEXIF5-3723.NASL
    description A denial of service problem (crash) was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. (CVE-2007-2645)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29500
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29500
    title SuSE 10 Security Update : libexif5 (ZYPP Patch Number 3723)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-118.NASL
    description Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data. Updated packages have been patched to prevent this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25475
    published 2007-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25475
    title Mandrake Linux Security Advisory : libexif (MDKSA-2007:118)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBEXIF-3703.NASL
    description A denial of service problem (crash) was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. (CVE-2007-2645)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27317
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27317
    title openSUSE 10 Security Update : libexif (libexif-3703)
refmap via4
bid 23927
bugtraq 20070604 FLEA-2007-0024-1: libexif
confirm
debian DSA-1487
gentoo GLSA-200706-01
mandriva MDKSA-2007:118
misc http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272
osvdb 35978
secunia
  • 25235
  • 25540
  • 25569
  • 25599
  • 25621
  • 25932
  • 26083
  • 28776
suse
  • SUSE-SA:2007:039
  • SUSE-SR:2007:014
ubuntu USN-471-1
vupen ADV-2007-1761
xf libexif-exifdataloaddata-integer-overflow(34233)
statements via4
contributor Joshua Bressers
lastmodified 2007-05-24
organization Red Hat
statement Red Hat does not consider this flaw to have security consequences. For more details please see the following: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240055
Last major update 05-11-2012 - 22:39
Published 14-05-2007 - 17:19
Last modified 16-10-2018 - 12:44