CVE-2007-2645 – LibEXIF 0.6.x - Exif_Data_Load_Data_Entry Remote Integer Overflow

https://notcve.org/view.php?id=CVE-2007-2645

Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable. Desbordamiento de entero en la función exif_data_load_data_entry en exif-data.c en libexif before 0.6.14 permite a atacantes con la intervención del usuario provocar denegación de servicio (caida) o posiblemente ejecutar código de su elección a través de datos EXIF manipulados, afectando a las variables (1) doff o (2) s. • https://www.exploit-db.com/exploits/30024 http://osvdb.org/35978 http://secunia.com/advisories/25235 http://secunia.com/advisories/25540 http://secunia.com/advisories/25569 http://secunia.com/advisories/25599 http://secunia.com/advisories/25621 http://secunia.com/advisories/25932 http://secunia.com/advisories/26083 http://secunia.com/advisories/28776 http://security.gentoo.org/glsa/glsa-200706-01.xml http://sourceforge.net/project/shownotes.php?release_id=507447 http:/ •