CVE-2007-6352: Integer Overflow
First published: Fri Dec 14 2007(Updated: )
An integer overflow flaw was found in libexif. This flaw could be leveraged by an attacker to execute arbitrary code withe the permissions of the application parsing the EXIF image data.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Libexif12 | <=0.6.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2007-1165.html
- http://www.redhat.com/support/errata/RHSA-2007-1166.html
- http://www.securityfocus.com/bid/26942
- https://bugzilla.redhat.com/show_bug.cgi?id=425621
- https://bugzilla.redhat.com/show_bug.cgi?id=425631
- http://bugs.gentoo.org/show_bug.cgi?id=202350
- https://issues.rpath.com/browse/RPL-2068
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00597.html
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00626.html
- http://security.gentoo.org/glsa/glsa-200712-15.xml
- http://www.securitytracker.com/id?1019124
- http://secunia.com/advisories/28076
- http://secunia.com/advisories/28127
- http://secunia.com/advisories/28195
- http://secunia.com/advisories/28266
- http://secunia.com/advisories/28346
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:005
- http://secunia.com/advisories/28400
- http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
- http://secunia.com/advisories/28636
- http://www.debian.org/security/2008/dsa-1487
- http://secunia.com/advisories/28776
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-234701-1
- http://secunia.com/advisories/29381
- http://www.ubuntu.com/usn/usn-654-1
- http://secunia.com/advisories/32274
- http://osvdb.org/42653
- http://www.vupen.com/english/advisories/2007/4278
- http://www.vupen.com/english/advisories/2008/0947/references
- https://bugzilla.redhat.com/show_bug.cgi?id=425561
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39167
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4814
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11029
- http://www.securityfocus.com/archive/1/485822/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-6352?
CVE-2007-6352 is classified as a high severity vulnerability due to its potential to allow attackers to execute arbitrary code.
How do I fix CVE-2007-6352?
To fix CVE-2007-6352, upgrade libexif to version 0.6.17 or later.
What applications are affected by CVE-2007-6352?
CVE-2007-6352 affects libexif version 0.6.16 and earlier.
What type of flaw is described in CVE-2007-6352?
CVE-2007-6352 describes an integer overflow flaw that can be exploited to execute arbitrary code.
Can CVE-2007-6352 be exploited remotely?
Yes, CVE-2007-6352 can be exploited by attackers through specially crafted EXIF image data.
- agent/type
- agent/first-publish-date
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2007-6352
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- agent/trending
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- vendor/libexif
- canonical/suse libexif12
- version/suse libexif12/0.6.16