Public bug reported: References: MDVSA-2008:005 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:005)
Quoting: "An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash (CVE-2007-6351). An integer overflow flaw was also found in how libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash or execute arbitrary code with the privileges of the user executing the application (CVE-2007-6352)." ** Affects: libexif (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6351 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6352 -- [libexif] [CVE-2007-6351] [CVE-2007-6352] possibility of DoS or arbitrary code execution https://bugs.launchpad.net/bugs/181713 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs