CVE-2007-6353

Published: 20/12/2007 Updated: 08/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in exif.cpp in the exiv2 library allows context-dependent malicious users to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

Vulnerable Product

exiv2 exiv2

Vendor Advisories

Debian Bug report logs - #456760: exiv2: CVE-2007-6353 integer overflow in EXIF parsing. Package: exiv2; Maintainer for exiv2 is Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>; Source for exiv2 is src:exiv2. Reported by: Nico Golde <nion@debian.org>. Date: Mon, 17 Dec 2007 17:48:01 ...
Meder Kydyraliev discovered that exiv2 did not correctly handle certain EXIF headers. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service, or possibly executing arbitrary code with user privileges (CVE-20 ...
Meder Kydyraliev discovered an integer overflow in the thumbnail handling of libexif, the EXIF/IPTC metadata manipulation library, which could result in the execution of arbitrary code. The old stable distribution (sarge) doesn't contain exiv2 packages. For the stable distribution (etch), this problem has been fixed in version 010-15. We recommen ...