Published: 20/11/2009 Updated: 17/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows remote malicious users to cause a denial of service or possibly execute arbitrary code via an invalid EXIF image. NOTE: some of these details are obtained from third party information.

Affected Products

Vendor Product Versions
Curtis GallowayLibexif0.6.18

Vendor Advisories

Debian Bug report logs - #557137 libexif: CVE-2009-3895: heap buffer overflow when processing certain images Package: libexif12; Maintainer for libexif12 is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Source for libexif12 is src:libexif (PTS, buildd, popcon) Reported by: Raphael Geissert &lt ...