Published: 18/12/2007 Updated: 08/03/2011

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

exiftags prior to 1.01 allows malicious users to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.

Vulnerable Product	Search on Vulmon	Subscribe to Product
aertherwide exiftags

Debian Bug report logs - #457062 exiftags: CVE-2007-635{4,5,6} multiple vulnerabilities Package: exiftags; Maintainer for exiftags is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for exiftags is src:exiftags (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Wed, 19 Dec 2007 13:15:02 UTC Seve ...

Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images The Common Vulnerabilities and Exposures project identified the following three problems: CVE-2007-6354 Inadequate EXIF property validation could lead to invalid memory accesse ...

CWE-399 http://johnst.org/sw/exiftags/CHANGES http://secunia.com/advisories/28110 http://bugs.gentoo.org/show_bug.cgi?id=202354 http://security.gentoo.org/glsa/glsa-200712-17.xml http://www.securityfocus.com/bid/26892 http://secunia.com/advisories/28268 http://www.debian.org/security/2008/dsa-1533 http://secunia.com/advisories/29580 http://www.vupen.com/english/advisories/2007/4251 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457062 https://nvd.nist.gov https://www.debian.org/security/./dsa-1533

CVE-2007-6356

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect