CVE-2007-6354

Related Files

Debian Linux Security Advisory 1533-2

Posted Apr 2, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1533-2 - Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images. This update merely adds the packages for Debian 3.1 sarge (oldstable) which were missing in the previous DSA.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2007-6354, CVE-2007-6355, CVE-2007-6356

SHA-256 | f216ca24b3ab1a9a05efec5902aaf2dec3394ff764813985896d78e9f8d0d7ae

Download | Favorite | View

Debian Linux Security Advisory 1533-1

Posted Mar 28, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1533-1 - Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2007-6354, CVE-2007-6355, CVE-2007-6356

SHA-256 | fdd4dd5399f82e7f5885c40c212c136dbec30e69ad59365ec0ee9e18fef79b4e

Download | Favorite | View

Gentoo Linux Security Advisory 200712-17

Posted Dec 29, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-17 - Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356). Versions less than 1.01 are affected.

tags | advisory, overflow, vulnerability

systems | linux, gentoo

advisories | CVE-2007-6354, CVE-2007-6355, CVE-2007-6356

SHA-256 | f30846d92920feb64cca0600f08f57d830e4f7c5ad70f386131e9e96d25cbe72

Download | Favorite | View