As pointed out to the libexif team by iDefense, older and current
libexif versions (at least 0.6.13, 0.6.14, 0.6.15) contain an integer
overflow which can result in heap corruption and segfaults or worse. The
detailed advisory will be released by iDefense tomorrow.
The libexif-0.6.16 release fixes the issue. It is available at
Created attachment 156803
proposed patch from 0.6.16
The impact of this flaw is moderate. After investigating how libexif is used,
there are no applications that will blindly call into it. Everything requires
some form of user interaction to process the image data via libexif.
This flaw is now public:
This was actually CVE-2006-4168
This issue was addressed in:
Red Hat Enterprise Linux: