1. CVE-Search
  2. CVE-2007-6353
ID CVE-2007-6353
Summary Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 08-08-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 26918
confirm https://bugzilla.redhat.com/show_bug.cgi?id=425921
debian DSA-1474
fedora
  • FEDORA-2007-4551
  • FEDORA-2007-4591
gentoo GLSA-200712-16
mandriva MDVSA-2008:006
misc http://bugs.gentoo.org/show_bug.cgi?id=202351
secunia
  • 28132
  • 28178
  • 28267
  • 28412
  • 28610
  • 32273
suse SUSE-SR:2008:001
ubuntu USN-655-1
vupen ADV-2007-4252
xf exiv2-setdataarea-bo(39118)
Last major update 08-08-2017 - 01:29
Published 20-12-2007 - 01:46
Last modified 08-08-2017 - 01:29
Back to Top