Summary
The remote host is missing an update to libexif
announced via advisory DSA 1487-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201487-1
Insight
Several vulnerabilities have been discovered in the EXIF parsing code of the libexif library, which can lead to denial of service or the xecution of arbitrary code if a user is tricked into opening a malformed image.
CVE-2007-2645
Victor Stinner discovered an integer overflow, which may result in denial of service or potentially the execution of arbitrary code.
CVE-2007-6351
Meder Kydyraliev discovered an infinite loop, which may result in denial of service.
CVE-2007-6352
Victor Stinner discovered an integer overflow, which may result in denial of service or potentially the execution of arbitrary code.
This update also fixes two potential NULL pointer deferences.
For the stable distribution (etch), these problems have been fixed in version 0.6.13-5etch2.
For the old stable distribution (sarge), these problems have been fixed in 0.6.9-6sarge2.
We recommend that you upgrade your libexif packages.
Severity
Classification
-
CVE CVE-2007-2645, CVE-2007-6351, CVE-2007-6352 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities