Debian Bug report logs -
#457330
libexif: CVE-2007-6351 CVE-2007-6352 multiple integer flows leading to denial of service and arbitrary code execution
Reported by: Nico Golde <nion@debian.org>
Date: Fri, 21 Dec 2007 16:18:02 UTC
Severity: grave
Tags: patch, security
Found in version 0.6.9-6sarge1
Fixed in version libexif/0.6.16-2.1
Done: Nico Golde <nion@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:
Bug#457330; Package libexif.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Frederic Peters <fpeters@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: libexif
Version: 0.6.9-6sarge1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libexif.
CVE-2007-6352[0]:
| Integer overflow in libexif 0.6.16 and earlier allows
| context-dependent attackers to execute arbitrary code via an image
| with crafted EXIF tags.
CVE-2007-6351[1]:
| libexif 0.6.16 and earlier allows context-dependent
| attackers to cause a denial of service (infinite recursion)
| via an image file with crafted EXIF tags.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6351
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:
Bug#457330; Package libexif.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Frederic Peters <fpeters@debian.org>.
(full text, mbox, link).
Message #10 received at 457330@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 457330 + patch
thanks
Hi Frederic,
just in case you have no time and to provide the patches I
attached a patch for an NMU to fix this.
It will be also archived on:
http://people.debian.org/~nion/nmu-diff/libexif-0.6.16-2_0.6.16-2.1.patch
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[libexif-0.6.16-2_0.6.16-2.1.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]
Tags added: patch
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Fri, 21 Dec 2007 16:42:02 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#457330; Package libexif.
(full text, mbox, link).
Acknowledgement sent to Frederic Peters <fpeters@debian.org>:
Extra info received and forwarded to list.
(full text, mbox, link).
Message #17 received at 457330@bugs.debian.org (full text, mbox, reply):
Nico Golde wrote:
> tags 457330 + patch
> thanks
>
> Hi Frederic,
> just in case you have no time and to provide the patches I
> attached a patch for an NMU to fix this.
> It will be also archived on:
> http://people.debian.org/~nion/nmu-diff/libexif-0.6.16-2_0.6.16-2.1.patch
Could you upload it ? I am busy on wireshark at the moment.
Thanks,
Frederic
Information forwarded to debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:
Bug#457330; Package libexif.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Frederic Peters <fpeters@debian.org>.
(full text, mbox, link).
Message #22 received at 457330@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi Frederic,
* Frederic Peters <fpeters@debian.org> [2007-12-21 17:48]:
> Nico Golde wrote:
> > Hi Frederic,
> > just in case you have no time and to provide the patches I
> > attached a patch for an NMU to fix this.
> > It will be also archived on:
> > http://people.debian.org/~nion/nmu-diff/libexif-0.6.16-2_0.6.16-2.1.patch
>
> Could you upload it ? I am busy on wireshark at the moment.
Sure, will do.
Thanks for taking care of wireshark!
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #27 received at 457330-close@bugs.debian.org (full text, mbox, reply):
Source: libexif
Source-Version: 0.6.16-2.1
We believe that the bug you reported is fixed in the latest version of
libexif, which is due to be installed in the Debian FTP archive:
libexif-dev_0.6.16-2.1_i386.deb
to pool/main/libe/libexif/libexif-dev_0.6.16-2.1_i386.deb
libexif12_0.6.16-2.1_i386.deb
to pool/main/libe/libexif/libexif12_0.6.16-2.1_i386.deb
libexif_0.6.16-2.1.diff.gz
to pool/main/libe/libexif/libexif_0.6.16-2.1.diff.gz
libexif_0.6.16-2.1.dsc
to pool/main/libe/libexif/libexif_0.6.16-2.1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 457330@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated libexif package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 21 Dec 2007 17:13:58 +0100
Source: libexif
Binary: libexif12 libexif-dev
Architecture: source i386
Version: 0.6.16-2.1
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <fpeters@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
libexif-dev - library to parse EXIF files (development files)
libexif12 - library to parse EXIF files
Closes: 457330 457330
Changes:
libexif (0.6.16-2.1) unstable; urgency=high
.
* Non-maintainer upload by security team.
* This update addresses the following security issues:
- possible denial of service attack via crafted
image file leading to an infinite recursion in the
exif-loader.c (CVE-2007-6351; Closes: #457330).
- integer overflow in exif-data.c triggered by a crafted
image file could lead to arbitrary code execution
(CVE-2007-6352; Closes: #457330).
Files:
a22d0350058d240f2fb337c473ebe0fd 615 libs optional libexif_0.6.16-2.1.dsc
077206efeafbee981b41f5eea67024c7 15103 libs optional libexif_0.6.16-2.1.diff.gz
d92a74a44d95d55f1d8b44381af7a0de 147904 libdevel optional libexif-dev_0.6.16-2.1_i386.deb
70683c69cdc384dd6717c88f09557c2e 235592 libs optional libexif12_0.6.16-2.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHa/CKHYflSXNkfP8RAjnsAKCEGaAjLE940JGa7SX+PlpOEleDxQCcC+qO
M+NaccVuEGJEEZYJfmj3bcI=
=pxdQ
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 19 Jan 2008 07:29:42 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:46:53 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon