Bug 243888 (CVE-2006-4168) - CVE-2006-4168 libexif integer overflow
Summary: CVE-2006-4168 libexif integer overflow
Alias: CVE-2006-4168
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: reported=20070612,public=20070613,imp...
Depends On: 243890 243891 CVE-2007-4168 243893 243894 243895 243896
TreeView+ depends on / blocked
Reported: 2007-06-12 16:02 UTC by Mark J. Cox
Modified: 2019-06-08 12:20 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-01-15 17:01:47 UTC

Attachments (Terms of Use)
proposed patch from 0.6.16 (779 bytes, patch)
2007-06-12 16:02 UTC, Mark J. Cox
no flags Details | Diff

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0501 normal SHIPPED_LIVE Moderate: libexif integer overflow 2008-01-07 22:22:16 UTC

Description Mark J. Cox 2007-06-12 16:02:57 UTC
as pointed out to the libexif team by iDefense, older and current
libexif versions (at least 0.6.13, 0.6.14, 0.6.15) contain an integer
overflow which can result in heap corruption and segfaults or worse. The
detailed advisory will be released by iDefense tomorrow.

The libexif-0.6.16 release fixes the issue. It is available at

Comment 1 Mark J. Cox 2007-06-12 16:02:58 UTC
Created attachment 156803 [details]
proposed patch from 0.6.16

Comment 3 Josh Bressers 2007-06-12 20:37:26 UTC
The impact of this flaw is moderate.  After investigating how libexif is used,
there are no applications that will blindly call into it.  Everything requires
some form of user interaction to process the image data via libexif.

Comment 5 Josh Bressers 2007-06-13 13:51:06 UTC
This flaw is now public:

Comment 7 Mark J. Cox 2007-06-22 21:17:39 UTC
This was actually CVE-2006-4168

Comment 8 Red Hat Product Security 2008-01-15 17:01:47 UTC
This issue was addressed in:

Red Hat Enterprise Linux:


Note You need to log in before you can comment on or make changes to this bug.