CVE-2007-6351

Severity

43%

Complexity

86%

Confidentiality

48%

libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.

libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

Type

Curtis Galloway EXIFTag Parsing Library libexif

First reported 17 years ago

2007-12-20 02:46:00

Last updated 6 years ago

2018-10-15 21:52:00

Affected Software

Curtis Galloway EXIFTag Parsing Library libexif 0.6.14

0.6.14

Curtis Galloway EXIFTag Parsing Library libexif 0.6.15

0.6.15

References

http://bugs.gentoo.org/show_bug.cgi?id=202350

42652

28076

Vendor Advisory

28127

Vendor Advisory

28195

Vendor Advisory

28266

Vendor Advisory

28346

Vendor Advisory

28400

Vendor Advisory

28636

Vendor Advisory

28776

Vendor Advisory

32274

Vendor Advisory

GLSA-200712-15

DSA-1487

MDVSA-2008:005

SUSE-SR:2008:002

RHSA-2007:1165

Patch

20080105 rPSA-2008-0006-1 libexif

26976

1019124

USN-654-1

ADV-2007-4278

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=425551

https://bugzilla.redhat.com/show_bug.cgi?id=425621

https://bugzilla.redhat.com/show_bug.cgi?id=425631

libexif-exifloaderwrit-dos(39166)

https://issues.rpath.com/browse/RPL-2068

oval:org.mitre.oval:def:9420

FEDORA-2007-4608

FEDORA-2007-4667

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.