Mandriva Update For Libexif MDKSA-2007:118 (libexif) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data. Updated packages have been patched to prevent this issue.

Affected

libexif on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-2645

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:073 (sarg)
Mandrake Security Advisory MDVSA-2009:088 (wireshark)
Mandrake Security Advisory MDVSA-2009:050-1 (python-pycrypto)
Mandrake Security Advisory MDVSA-2009:049 (pycrypto)
Mandrake Security Advisory MDVSA-2009:014 (mplayer)

Mandriva Update for libexif MDKSA-2007:118 (libexif)

Take action and discover your vulnerabilities