Bug 243888 - (CVE-2006-4168) CVE-2006-4168 libexif integer overflow
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
high Severity medium
Assigned To: Red Hat Product Security
reported=20070612,public=20070613,imp...
: Security
Depends On: 243890 243891 CVE-2007-4168 243893 243894 243895 243896
Reported: 2007-06-12 12:02 EDT by Mark J. Cox (Product Security)
Modified: 2016-03-04 06:02 EST

Doc Type: Bug Fix
Last Closed: 2008-01-15 12:01:47 EST


Attachments
proposed patch from 0.6.16 (779 bytes, patch)
2007-06-12 12:02 EDT, Mark J. Cox (Product Security)
Description Mark J. Cox (Product Security) 2007-06-12 12:02:57 EDT
As pointed out to the libexif team by iDefense, older and current
libexif versions (at least 0.6.13, 0.6.14, 0.6.15) contain an integer
overflow which can result in heap corruption and segfaults or worse. The
detailed advisory will be released by iDefense tomorrow.

The libexif-0.6.16 release fixes the issue. It is available at
https://sourceforge.net/project/showfiles.php?group_id=12272
Comment 1 Mark J. Cox (Product Security) 2007-06-12 12:02:58 EDT
Created attachment 156803
proposed patch from 0.6.16
Comment 3 Josh Bressers 2007-06-12 16:37:26 EDT
The impact of this flaw is moderate.  After investigating how libexif is used,
there are no applications that will blindly call into it.  Everything requires
some form of user interaction to process the image data via libexif.
Comment 5 Josh Bressers 2007-06-13 09:51:06 EDT
This flaw is now public:
http://secunia.com/advisories/25642/
Comment 7 Mark J. Cox (Product Security) 2007-06-22 17:17:39 EDT
This was actually CVE-2006-4168
Comment 8 Red Hat Product Security 2008-01-15 12:01:47 EST
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0501.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-0414

