Bug 243888 (CVE-2006-4168)
| Field | Value |
|---|---|
| Summary | CVE-2006-4168 libexif integer overflow |
| Product | [Other] Security Response |
| Reporter | Mark J. Cox <mjc> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | high |
| Version | unspecified |
| CC | mclasen, security-response-team |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Doc Type | Bug Fix |
| Story Points | --- |
| Last Closed | 2008-01-15 17:01:47 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Depends On | 243890, 243891, 243892, 243893, 243894, 243895, 243896 |

Description
Mark J. Cox
2007-06-12 16:02:57 UTC
Created attachment 156803: proposed patch from 0.6.16

The impact of this flaw is moderate. After investigating how libexif is used, there are no applications that will blindly call into it. Everything requires some form of user interaction to process the image data via libexif.

This flaw is now public: http://secunia.com/advisories/25642/

This was actually CVE-2006-4168.

This issue was addressed in:

Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-0501.html

Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2007-0414