SuSE Update for libexif SUSE-SA:2007:039

Impact
remote denial of service
Solution
Please Install the Updated Packages.
Insight
Two security problems were fixed in the libexif library which handles extended information in JPEG images. CVE-2007-2645: A denial of service problem (crash) was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. () CVE-2006-4168: A integer overflow was fixed in the EXIF loader, which could potentially be used to execute code or at least to crash the image viewer/web browser. Attackers might crash your E-Mail client or Web browser by embedding a crafted JPEG image with broken EXIF data.
Affected
libexif on SUSE LINUX 10.1, openSUSE 10.2, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1
References