Information security


Multiple security vulnerabilities in Exif libraries (libexif, exiv2, exiftags)
Published: December 29, 2007
Source:
SecurityVulns ID: 8510
Type: library
Severity: 6/10
Description: Multiple DoS conditions, buffer overflows, and integer overflows when parsing EXIF in JPEG/TIFF/RIFF.
Affected products: LIBEXIF : libexif 0.6
 EXIFTAGS : exiftags 1.0
 EXIV2 : exiv2 0.13
CVE: CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.)
 CVE-2007-6355 (Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6354.)
 CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6355.)
 CVE-2007-6353 (Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.)
 CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags.)
 CVE-2007-6351 (libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags.)
Original text: GENTOO, [Full-disclosure] [ GLSA 200712-15 ] libexif: Multiple vulnerabilities (29.12.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod