Bug 243888 - (CVE-2006-4168) CVE-2006-4168 libexif integer overflow
Product: Security Response
Classification: Other
Component: vulnerability
All Linux
high Severity medium
Assigned To: Red Hat Product Security
: Security
Depends On: 243890 243891 CVE-2007-4168 243893 243894 243895 243896
Reported: 2007-06-12 12:02 EDT by Mark J. Cox
Modified: 2016-03-04 06:02 EST
Doc Type: Bug Fix
Last Closed: 2008-01-15 12:01:47 EST

Attachments
proposed patch from 0.6.16 (779 bytes, patch)
2007-06-12 12:02 EDT, Mark J. Cox

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0501 normal SHIPPED_LIVE Moderate: libexif integer overflow 2008-01-07 17:22:16 EST

Description Mark J. Cox 2007-06-12 12:02:57 EDT
As pointed out to the libexif team by iDefense, older and current
libexif versions (at least 0.6.13, 0.6.14, 0.6.15) contain an integer
overflow which can result in heap corruption and segfaults or worse. The
detailed advisory will be released by iDefense tomorrow.

The libexif-0.6.16 release fixes the issue. It is available at

Comment 1 Mark J. Cox 2007-06-12 12:02:58 EDT
Created attachment 156803
proposed patch from 0.6.16

Comment 3 Josh Bressers 2007-06-12 16:37:26 EDT
The impact of this flaw is moderate.  After investigating how libexif is used,
there are no applications that will blindly call into it.  Everything requires
some form of user interaction to process the image data via libexif.

Comment 5 Josh Bressers 2007-06-13 09:51:06 EDT
This flaw is now public:

Comment 7 Mark J. Cox 2007-06-22 17:17:39 EDT
This was actually CVE-2006-4168

Comment 8 Red Hat Product Security 2008-01-15 12:01:47 EST
This issue was addressed in:

Red Hat Enterprise Linux:

