blob: 2c6e6ba53eccef2cadf0e047e31b2f51deae9690 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200706-01">
<title>libexif: Integer overflow vulnerability</title>
libexif fails to handle Exif (EXchangeable Image File) data inputs, making
it vulnerable to an integer overflow.
<product type="ebuild">libexif</product>
<announced>June 05, 2007</announced>
<revised>June 05, 2007: 01</revised>
<package name="media-libs/libexif" auto="yes" arch="*">
<unaffected range="ge">0.6.15</unaffected>
<vulnerable range="lt">0.6.15</vulnerable>
libexif is a library for parsing, editing and saving Exif data.
Victor Stinner reported an integer overflow in the
exif_data_load_data_entry() function from file exif-data.c while
handling Exif data.
<impact type="normal">
An attacker could entice a user to process a file with specially
crafted Exif extensions with an application making use of libexif,
which will trigger the integer overflow and potentially execute
arbitrary code or crash the application.
There is no known workaround at this time.
All libexif users should upgrade to the latest version. Please note
that users upgrading from "&lt;=media-libs/libexif-0.6.13" should also run
revdep-rebuild after their upgrade.
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-libs/libexif-0.6.15&quot;
# revdep-rebuild --library=/usr/lib/</code>
<uri link="">CVE-2007-2645</uri>
<metadata tag="submitter" timestamp="Tue, 05 Jun 2007 18:50:35 +0000">
<metadata tag="bugReady" timestamp="Sun, 03 Jun 2007 06:19:11 +0000">