BNLug - EXIF Library EXIF File Processing Integer Overflow Vulnerability

EXIF Library EXIF File Processing Integer Overflow Vulnerability

TITLE: EXIF Library EXIF File Processing Integer Overflow Vulnerability
CLASS: Boundary Condition Error
CVE: CVE-2006-4168

REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 13 2007 12:00AM
UPDATE: Jun 18 2007 11:19AM
CREDIT: This vulnerability was discovered by Sean Larsson of iDefense Labs.
VULNERABLE:

RedHat Enterprise Linux Desktop v.5 client
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux v. 5 server
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux AS 4
RedHat Desktop 4.0
libexif libexif 0.6.15
libexif libexif 0.6.14
libexif libexif 0.6.13
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0

NOT VULNERABLE:

libexif libexif 0.6.16

Vai alla pagina originale su Security Focus

Discussion

The 'libexif' library is reported prone to an integer-overflow vulnerability. Reportedly, the issue presents itself when the affected library is processing malformed EXIF files.

Attackers may leverage this issue to execute arbitrary code in the context of an application that is linked to the vulnerable library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects 'libexif' 0.6.13 to 0.6.15; other versions may also be affected.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.