Public bug reported:
References:
MDVSA-2008:005
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:005)
Quoting:
"An infinite recursion flaw was found in the way that libexif parses
Exif image tags. A carefully crafted Exif image file opened by an
application linked against libexif could cause the application to crash
(CVE-2007-6351).
An integer overflow flaw was also found in how libexif parses
Exif image tags. A carefully crafted Exif image file opened by
an application linked against libexif could cause the application
to crash or execute arbitrary code with the privileges of the user
executing the application (CVE-2007-6352)."
** Affects: libexif (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-6351
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-6352
--
[libexif] [CVE-2007-6351] [CVE-2007-6352] possibility of DoS or arbitrary code
execution
https://bugs.launchpad.net/bugs/181713
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
