CVE-2005-0664 - Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the

CVE-2005-0664

Summary

Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag.

References

Vulnerable Configurations

cpe:2.3:a:libexif:libexif:0.6.9:*:*:*:*:*:*:*
cpe:2.3:a:libexif:libexif:0.6.9:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 03-10-2018 - 21:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:N/A:P

oval via4

accepted

2013-04-29T04:09:10.643-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:10832

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2005:300

rpms

libexif-0:0.5.12-5.1
libexif-debuginfo-0:0.5.12-5.1
libexif-devel-0:0.5.12-5.1

refmap via4

debian	DSA-709
gentoo	GLSA-200503-17
mandrake	MDKSA-2005:064
misc	https://bugzilla.ubuntu.com/show_bug.cgi?id=7152
sectrack	1013398
secunia	17705
sunalert	102041
ubuntu	USN-91-1
vupen	ADV-2005-0240 ADV-2005-2565

Last major update

03-10-2018 - 21:29

Published

02-05-2005 - 04:00

Last modified

03-10-2018 - 21:29