Sean Larsson discovered that libexif did not correctly verify the size of
EXIF components. By tricking a user into opening an image with specially
crafted EXIF headers, a remote attacker could cause the application
using libexif to execute arbitrary code with user privileges ...
Debian Bug report logs -
CVE-2006-4168: Integer overflow vulnerability fixed in 0.6.16
Maintainer for libexif12 is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>; Source for libexif12 is src:libexif (PTS, buildd, popcon)
Reported by: Stefan Fritsch <sf@debian.org> ...