CVE-2007-6353

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
References
Link Resource
http://bugs.gentoo.org/show_bug.cgi?id=202351 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html Mailing List Third Party Advisory
http://secunia.com/advisories/28132 Broken Link
http://secunia.com/advisories/28178 Broken Link
http://secunia.com/advisories/28267 Broken Link
http://secunia.com/advisories/28412 Broken Link
http://secunia.com/advisories/28610 Broken Link
http://secunia.com/advisories/32273 Broken Link
http://security.gentoo.org/glsa/glsa-200712-16.xml Third Party Advisory
http://www.debian.org/security/2008/dsa-1474 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:006 Broken Link
http://www.securityfocus.com/bid/26918 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-655-1 Third Party Advisory
http://www.vupen.com/english/advisories/2007/4252 Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=425921 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39118 Third Party Advisory VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html Third Party Advisory
http://bugs.gentoo.org/show_bug.cgi?id=202351 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html Mailing List Third Party Advisory
http://secunia.com/advisories/28132 Broken Link
http://secunia.com/advisories/28178 Broken Link
http://secunia.com/advisories/28267 Broken Link
http://secunia.com/advisories/28412 Broken Link
http://secunia.com/advisories/28610 Broken Link
http://secunia.com/advisories/32273 Broken Link
http://security.gentoo.org/glsa/glsa-200712-16.xml Third Party Advisory
http://www.debian.org/security/2008/dsa-1474 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:006 Broken Link
http://www.securityfocus.com/bid/26918 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-655-1 Third Party Advisory
http://www.vupen.com/english/advisories/2007/4252 Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=425921 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39118 Third Party Advisory VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*

History

21 Nov 2024, 00:39

Type Values Removed Values Added
References () http://bugs.gentoo.org/show_bug.cgi?id=202351 - Third Party Advisory () http://bugs.gentoo.org/show_bug.cgi?id=202351 - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html - Mailing List, Third Party Advisory
References () http://secunia.com/advisories/28132 - Broken Link () http://secunia.com/advisories/28132 - Broken Link
References () http://secunia.com/advisories/28178 - Broken Link () http://secunia.com/advisories/28178 - Broken Link
References () http://secunia.com/advisories/28267 - Broken Link () http://secunia.com/advisories/28267 - Broken Link
References () http://secunia.com/advisories/28412 - Broken Link () http://secunia.com/advisories/28412 - Broken Link
References () http://secunia.com/advisories/28610 - Broken Link () http://secunia.com/advisories/28610 - Broken Link
References () http://secunia.com/advisories/32273 - Broken Link () http://secunia.com/advisories/32273 - Broken Link
References () http://security.gentoo.org/glsa/glsa-200712-16.xml - Third Party Advisory () http://security.gentoo.org/glsa/glsa-200712-16.xml - Third Party Advisory
References () http://www.debian.org/security/2008/dsa-1474 - Third Party Advisory () http://www.debian.org/security/2008/dsa-1474 - Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:006 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2008:006 - Broken Link
References () http://www.securityfocus.com/bid/26918 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/26918 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-655-1 - Third Party Advisory () http://www.ubuntu.com/usn/usn-655-1 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2007/4252 - Broken Link () http://www.vupen.com/english/advisories/2007/4252 - Broken Link
References () https://bugzilla.redhat.com/show_bug.cgi?id=425921 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=425921 - Issue Tracking, Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/39118 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/39118 - Third Party Advisory, VDB Entry
References () https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html - Third Party Advisory () https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html - Third Party Advisory
References () https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html - Third Party Advisory () https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html - Third Party Advisory

19 Jul 2024, 13:04

Type Values Removed Values Added
CWE CWE-189 CWE-190
References () http://bugs.gentoo.org/show_bug.cgi?id=202351 - () http://bugs.gentoo.org/show_bug.cgi?id=202351 - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html - () http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html - Mailing List, Third Party Advisory
References () http://secunia.com/advisories/28132 - Patch () http://secunia.com/advisories/28132 - Broken Link
References () http://secunia.com/advisories/28178 - () http://secunia.com/advisories/28178 - Broken Link
References () http://secunia.com/advisories/28267 - () http://secunia.com/advisories/28267 - Broken Link
References () http://secunia.com/advisories/28412 - () http://secunia.com/advisories/28412 - Broken Link
References () http://secunia.com/advisories/28610 - () http://secunia.com/advisories/28610 - Broken Link
References () http://secunia.com/advisories/32273 - () http://secunia.com/advisories/32273 - Broken Link
References () http://security.gentoo.org/glsa/glsa-200712-16.xml - () http://security.gentoo.org/glsa/glsa-200712-16.xml - Third Party Advisory
References () http://www.debian.org/security/2008/dsa-1474 - () http://www.debian.org/security/2008/dsa-1474 - Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:006 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:006 - Broken Link
References () http://www.securityfocus.com/bid/26918 - () http://www.securityfocus.com/bid/26918 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-655-1 - () http://www.ubuntu.com/usn/usn-655-1 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2007/4252 - () http://www.vupen.com/english/advisories/2007/4252 - Broken Link
References () https://bugzilla.redhat.com/show_bug.cgi?id=425921 - () https://bugzilla.redhat.com/show_bug.cgi?id=425921 - Issue Tracking, Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/39118 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/39118 - Third Party Advisory, VDB Entry
References () https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html - () https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html - Third Party Advisory
References () https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html - () https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html - Third Party Advisory
First Time Canonical
Debian debian Linux
Debian
Canonical ubuntu Linux
CPE cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Information

Published : 2007-12-20 01:46

Updated : 2024-11-21 00:39


NVD link : CVE-2007-6353

Mitre link : CVE-2007-6353

CVE.ORG link : CVE-2007-6353


JSON object : View

Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

exiv2

  • exiv2
CWE
CWE-190

Integer Overflow or Wraparound