Launchpad.net

CVE 2007-2645

Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.

Related bugs and status

CVE-2007-2645 (Candidate) is related to these bugs:

Bug #181713: [libexif] [CVE-2007-6351] [CVE-2007-6352] possibility of DoS or arbitrary code execution

Summary				In	Importance	Status
	181713	[libexif] [CVE-2007-6351] [CVE-2007-6352] possibility of DoS or arbitrary code execution		libexif (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://sourceforge.net...
BID: 23927
SECUNIA: 25235
CONFIRM: https://issues.rpath.c...
GENTOO: GLSA-200706-01
SECUNIA: 25540
SECUNIA: 25569
UBUNTU: USN-471-1
SECUNIA: 25599
SECUNIA: 25621
SUSE: SUSE-SA:2007:039
SECUNIA: 25932
SUSE: SUSE-SR:2007:014
SECUNIA: 26083
MANDRIVA: MDKSA-2007:118
DEBIAN: DSA-1487
SECUNIA: 28776
VUPEN: ADV-2007-1761
OSVDB: 35978
MISC: http://sourceforge.net...
XF: libexif-exifdataloadda...
BUGTRAQ: 20070604 FLEA-2007-002...