CVE-2007-6352 – libexif integer overflow
https://notcve.org/view.php?id=CVE-2007-6352
Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c. Un desbordamiento de enteros en libexif versión 0.6.16 y anteriores, permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de una imagen con etiquetas EXIF especialmente diseñadas, lo que posiblemente involucra la función exif_data_load_data_thumbnail en el archivo exif-data.c. • http://bugs.gentoo.org/show_bug.cgi?id=202350 http://osvdb.org/42653 http://secunia.com/advisories/28076 http://secunia.com/advisories/28127 http://secunia.com/advisories/28195 http://secunia.com/advisories/28266 http://secunia.com/advisories/28346 http://secunia.com/advisories/28400 http://secunia.com/advisories/28636 http://secunia.com/advisories/28776 http://secunia.com/advisories/29381 http://secunia.com/advisories/32274 http://security.gentoo.org/glsa/glsa-2007 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2006-4168 – libexif integer overflow
https://notcve.org/view.php?id=CVE-2006-4168
Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función exif_data_load_data_entry en libexif/exif-data.c en Libexif anterior a 0.6.16 permite a atacantes remotos provocar denegación de servicio (caida de aplicación) o ejecutar código de su elección a través de una imagen con diferentes componentes EXIF, lo cual dispara un desbordamiento de búfer basado en pila. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=543 http://osvdb.org/35379 http://secunia.com/advisories/25642 http://secunia.com/advisories/25645 http://secunia.com/advisories/25674 http://secunia.com/advisories/25717 http://secunia.com/advisories/25746 http://secunia.com/advisories/25768 http://secunia.com/advisories/25820 http://secunia.com/advisories/25842 http://secunia.com/advisories/25932 http://secunia.com/advisories/26083 http://security.gentoo. • CWE-190: Integer Overflow or Wraparound •
CVE-2007-2645 – LibEXIF 0.6.x - Exif_Data_Load_Data_Entry Remote Integer Overflow
https://notcve.org/view.php?id=CVE-2007-2645
Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable. Desbordamiento de entero en la función exif_data_load_data_entry en exif-data.c en libexif before 0.6.14 permite a atacantes con la intervención del usuario provocar denegación de servicio (caida) o posiblemente ejecutar código de su elección a través de datos EXIF manipulados, afectando a las variables (1) doff o (2) s. • https://www.exploit-db.com/exploits/30024 http://osvdb.org/35978 http://secunia.com/advisories/25235 http://secunia.com/advisories/25540 http://secunia.com/advisories/25569 http://secunia.com/advisories/25599 http://secunia.com/advisories/25621 http://secunia.com/advisories/25932 http://secunia.com/advisories/26083 http://secunia.com/advisories/28776 http://security.gentoo.org/glsa/glsa-200706-01.xml http://sourceforge.net/project/shownotes.php?release_id=507447 http:/ •
CVE-2005-0664
https://notcve.org/view.php?id=CVE-2005-0664
Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag. • http://secunia.com/advisories/17705 http://securitytracker.com/id?1013398 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102041-1 http://www.debian.org/security/2005/dsa-709 http://www.gentoo.org/security/en/glsa/glsa-200503-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:064 http://www.redhat.com/support/errata/RHSA-2005-300.html http://www.vupen.com/english/advisories/2005/0240 http://www.vupen.com/english/advisories/2005/2565 https:/ •