Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6351

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6351
Last Modified 11 Oct 2011 12:00:00
Published 19 Dec 2007 09:46:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6351

Summary

libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.

Vulnerable Systems

Application

  • Curtis Galloway Libexif 0.6.14

  • Curtis Galloway Libexif 0.6.15

  • Curtis Galloway Libexif 0.6.16


References

REDHAT - RHSA-2007:1165

FEDORA - FEDORA-2007-4667

FEDORA - FEDORA-2007-4608

CONFIRM - https://issues.rpath.com/browse/RPL-2068

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=425631

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=425621

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=425551

XF - libexif-exifloaderwrit-dos(39166)

VUPEN - ADV-2007-4278

UBUNTU - USN-654-1

SECTRACK - 1019124

BID - 26976

BUGTRAQ - 20080105 rPSA-2008-0006-1 libexif

SUSE - SUSE-SR:2008:002

MANDRIVA - MDVSA-2008:005

DEBIAN - DSA-1487

GENTOO - GLSA-200712-15

SECUNIA - 32274

SECUNIA - 28776

SECUNIA - 28636

SECUNIA - 28400

SECUNIA - 28346

SECUNIA - 28266

SECUNIA - 28195

SECUNIA - 28127

SECUNIA - 28076

OSVDB - 42652

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=202350

Related Patches

Novell SUSE 2008:4884 libexif security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:46:28