blob: 029cfb4de6c342cf2b47879bc3da2b22b6e933a2 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200503-17">
<title>libexif: Buffer overflow vulnerability</title>
libexif fails to validate certain inputs, making it vulnerable to buffer
<product type="ebuild">libexif</product>
<announced>March 12, 2005</announced>
<revised>March 12, 2005: 01</revised>
<package name="media-libs/libexif" auto="yes" arch="*">
<unaffected range="ge">0.5.12-r1</unaffected>
<vulnerable range="lt">0.5.12-r1</vulnerable>
libexif is a library for parsing, editing and saving EXIF data.
libexif contains a buffer overflow vulnerability in the EXIF tag
validation code. When opening an image with a specially crafted EXIF
tag, the lack of validation can cause applications linked to libexif to
<impact type="normal">
A specially crafted EXIF file could crash applications making use
of libexif, potentially allowing the execution of arbitrary code with
the privileges of the user running the application.
There is no known workaround at this time.
All libexif users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-libs/libexif-0.5.12-r1&quot;</code>
<uri link="">CAN-2005-0664</uri>
<metadata tag="requester" timestamp="Sat, 12 Mar 2005 16:28:06 +0000">
<metadata tag="bugReady" timestamp="Sat, 12 Mar 2005 17:56:45 +0000">
<metadata tag="submitter" timestamp="Sat, 12 Mar 2005 18:48:27 +0000">