Bug 243888 (CVE-2006-4168) - CVE-2006-4168 libexif integer overflow
Summary: CVE-2006-4168 libexif integer overflow
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2006-4168
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 243890 243891 CVE-2007-4168 243893 243894 243895 243896
Blocks:
Reported: 2007-06-12 16:02 UTC by Mark J. Cox
Modified: 2019-09-29 12:20 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-01-15 17:01:47 UTC
Embargoed:


Attachments
proposed patch from 0.6.16 (779 bytes, patch)
2007-06-12 16:02 UTC, Mark J. Cox


Links
System: Red Hat Product Errata
ID: RHSA-2007:0501
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: libexif integer overflow
Last Updated: 2008-01-07 22:22:16 UTC

Description Mark J. Cox 2007-06-12 16:02:57 UTC
As pointed out to the libexif team by iDefense, older and current
libexif versions (at least 0.6.13, 0.6.14, 0.6.15) contain an integer
overflow which can result in heap corruption and segfaults or worse. The
detailed advisory will be released by iDefense tomorrow.

The libexif-0.6.16 release fixes the issue. It is available at
https://sourceforge.net/project/showfiles.php?group_id=12272

Comment 1 Mark J. Cox 2007-06-12 16:02:58 UTC
Created attachment 156803
proposed patch from 0.6.16

Comment 3 Josh Bressers 2007-06-12 20:37:26 UTC
The impact of this flaw is moderate.  After investigating how libexif is used,
there are no applications that will blindly call into it.  Everything requires
some form of user interaction to process the image data via libexif.

Comment 5 Josh Bressers 2007-06-13 13:51:06 UTC
This flaw is now public:
http://secunia.com/advisories/25642/

Comment 7 Mark J. Cox 2007-06-22 21:17:39 UTC
This was actually CVE-2006-4168.

Comment 8 Red Hat Product Security 2008-01-15 17:01:47 UTC
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0501.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-0414



