Launchpad CVE tracker

CVE 2007-6353

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

Related bugs and status

CVE-2007-6353 (Candidate) is related to these bugs:

Bug #181714: [libexiv2] [CVE-2007-6353] possibility of arbitrary code execution

		In	Importance	Status
181714	[libexiv2] [CVE-2007-6353] possibility of arbitrary code execution	exiv2 (Ubuntu)	Undecided	Fix Released
181714	[libexiv2] [CVE-2007-6353] possibility of arbitrary code execution	exiv2 (Debian)	Unknown	Fix Released
181714	[libexiv2] [CVE-2007-6353] possibility of arbitrary code execution	exiv2 (Ubuntu Feisty)	Medium	Fix Released
181714	[libexiv2] [CVE-2007-6353] possibility of arbitrary code execution	exiv2 (Ubuntu Gutsy)	Medium	Fix Released
181714	[libexiv2] [CVE-2007-6353] possibility of arbitrary code execution	exiv2 (Ubuntu Dapper)	Medium	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
SECUNIA: 28132
BID: 26918
FEDORA: FEDORA-2007-4551
FEDORA: FEDORA-2007-4591
SECUNIA: 28178
MISC: http://bugs.gentoo.org...
GENTOO: GLSA-200712-16
SECUNIA: 28267
MANDRIVA: MDVSA-2008:006
SUSE: SUSE-SR:2008:001
SECUNIA: 28412
DEBIAN: DSA-1474
SECUNIA: 28610
UBUNTU: USN-655-1
SECUNIA: 32273
VUPEN: ADV-2007-4252
XF: exiv2-setdataarea-bo(3...

Launchpad.net

CVE 2007-6353

Related bugs and status

Related bugs

References