Mandriva Update For Libexif MDVSA-2008:005 (libexif) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash (CVE-2007-6351). An integer overflow flaw was also found in how libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash or execute arbitrary code with the privileges of the user executing the application (CVE-2007-6352). The updated packages have been patched to correct these issues.

Affected

libexif on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2007-6351, CVE-2007-6352

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:094 (mysql)
Mandrake Security Advisory MDVSA-2009:038 (blender)
Mandrake Security Advisory MDVSA-2009:136 (tomcat5)
Mandrake Security Advisory MDVSA-2009:204 (wxgtk)
Mandrake Security Advisory MDVSA-2009:046 (dia)

Mandriva Update for libexif MDVSA-2008:005 (libexif)

Take action and discover your vulnerabilities