Vulnerabilities > CVE-2006-4168 - Unspecified vulnerability in Libexif
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
libexif
nessus
Summary
Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2007-605.NASL description The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25589 published 2007-06-27 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25589 title Fedora Core 5 : libexif-0.6.12-5 (2007-605) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2007-605.
#

# Local package check: on a Fedora Core 5 host, runs rpm_check() for the
# libexif, libexif-debuginfo and libexif-devel packages against the build
# 0.6.12-5 named in Fedora advisory 2007-605, and raises a warning when any
# of those checks fires. It works only from data already collected in the
# knowledge base (release string, RPM list, CPU); it does not load libexif
# or parse any image, so the result is a statement about package versions.

include("compat.inc");

# Registration pass: when the engine sets `description`, the plugin only
# declares its metadata and exits without running any check.
if (description)
{
  script_id(25589);
  script_version ("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:26");

  # NOTE(review): the identifier registered here is CVE-2006-4168, while the
  # advisory text in the "description" attribute below cites CVE-2007-4168.
  # That text is stated to be extracted from the Fedora advisory, so the
  # mismatch presumably originates there; confirm before correlating
  # findings by the CVE id quoted in the description.
  script_cve_id("CVE-2006-4168");
  script_xref(name:"FEDORA", value:"2007-605");

  script_name(english:"Fedora Core 5 : libexif-0.6.12-5 (2007-605)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. 
If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-June/002325.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?98750f99"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected libexif, libexif-debuginfo and / or libexif-devel packages."
  );
  # CVSS v2 vector: network-reachable, medium access complexity, no
  # authentication, partial impact on confidentiality, integrity and
  # availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  # One CPE per package this plugin checks, plus the operating system.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libexif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libexif-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libexif-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # The check depends on ssh_get_info.nasl and on the three knowledge-base
  # keys below, which the checks further down read back.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Preconditions. Each failed precondition ends the plugin through audit()
# with a specific reason instead of reporting a finding.
if (!get_kb_item("Host/local_checks_enabled")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
# ">!<" is the "is not a substring of" operator: the release string must
# mention Fedora.
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Accept major version 5 only; the trailing group keeps 50, 51, ... out.
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# Only x86_64 and i386 through i686 are handled by this check.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


# Count how many of the three package checks fire. rpm_check() is defined in
# rpm.inc, which is not shown here; presumably it is true when the installed
# package is older than the reference build (confirm against rpm.inc).
flag = 0;
if (rpm_check(release:"FC5", reference:"libexif-0.6.12-5")) flag++;
if (rpm_check(release:"FC5", reference:"libexif-debuginfo-0.6.12-5")) flag++;
if (rpm_check(release:"FC5", reference:"libexif-devel-0.6.12-5")) flag++;


if (flag)
{
  # At least one check fired: report a warning, with the RPM report text
  # attached when report verbosity is above zero.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # No check fired: say whether packages were tested and found unaffected,
  # or whether none of the three packages was there to test.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libexif / libexif-debuginfo / libexif-devel");
}
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0501.NASL description Updated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25540 published 2007-06-18 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25540 title RHEL 4 / 5 : libexif (RHSA-2007:0501) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1310.NASL description A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data. last seen 2020-06-01 modified 2020-06-02 plugin id 25532 published 2007-06-18 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25532 title Debian DSA-1310-1 : libexif - integer overflow NASL family Fedora Local Security Checks NASL id FEDORA_2007-0414.NASL description The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. 
If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27666 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27666 title Fedora 7 : libexif-0.6.15-2.fc7 (2007-0414) NASL family Fedora Local Security Checks NASL id FEDORA_2007-4608.NASL description This update fixes two recently discovered vulnerabilities in libexif, CVE-2007-6351 and CVE-2007-6352. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 29762 published 2007-12-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29762 title Fedora 7 : libexif-0.6.15-3.fc7 (2007-4608) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-128.NASL description Another integer overflow was found in the way libexif parses EXIF image tags. An individual who opened a carefully-crafted EXIF image file could cause the application linked against libexif to crash or possibly execute arbitrary code. Updated packages have been patched to prevent this issue. 
last seen 2020-06-01 modified 2020-06-02 plugin id 25563 published 2007-06-21 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25563 title Mandrake Linux Security Advisory : libexif (MDKSA-2007:128) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0501.NASL description From Red Hat Security Advisory 2007:0501 : Updated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67524 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67524 title Oracle Linux 4 / 5 : libexif (ELSA-2007-0501) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200706-09.NASL description The remote host is affected by the vulnerability described in GLSA-200706-09 (libexif: Buffer overflow) iDefense Labs have discovered that the exif_data_load_data_entry() function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an integer overflow possibly leading to a heap-based buffer overflow. 
Impact : An attacker could entice a user of an application making use of a vulnerable version of libexif to load a specially crafted image file, possibly resulting in a crash of the application or the execution of arbitrary code with the rights of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25594 published 2007-06-27 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25594 title GLSA-200706-09 : libexif: Buffer overflow NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0501.NASL description Updated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25528 published 2007-06-18 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25528 title CentOS 4 / 5 : libexif (CESA-2007:0501) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-478-1.NASL description Sean Larsson discovered that libexif did not correctly verify the size of EXIF components. 
By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28079 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28079 title Ubuntu 6.06 LTS / 6.10 / 7.04 : libexif vulnerability (USN-478-1) NASL family Scientific Linux Local Security Checks NASL id SL_20070614_LIBEXIF_ON_SL5_X__SL4_X.NASL description An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) last seen 2020-06-01 modified 2020-06-02 plugin id 60210 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60210 title Scientific Linux Security Update : libexif on SL5.x, SL4.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2007-614.NASL description The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. 
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25619 published 2007-06-29 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25619 title Fedora Core 6 : libexif-0.6.15-2.fc6 (2007-614) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2007-164-01.NASL description New libexif packages are available for Slackware 10.2, 11.0, and -current to fix a crash and potential security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25771 published 2007-07-27 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25771 title Slackware 10.2 / 11.0 / current : libexif (SSA:2007-164-01)
Oval
accepted | 2013-04-29T04:18:54.906-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow. |
family | unix |
id | oval:org.mitre.oval:def:9349 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow. |
version | 27 |
Redhat
advisories |
rpms |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=543
- http://osvdb.org/35379
- http://secunia.com/advisories/25642
- http://secunia.com/advisories/25645
- http://secunia.com/advisories/25674
- http://secunia.com/advisories/25717/
- http://secunia.com/advisories/25746
- http://secunia.com/advisories/25768
- http://secunia.com/advisories/25820
- http://secunia.com/advisories/25842
- http://secunia.com/advisories/25932
- http://secunia.com/advisories/26083
- http://security.gentoo.org/glsa/glsa-200706-09.xml
- http://sourceforge.net/project/shownotes.php?release_id=515385
- http://www.debian.org/security/2007/dsa-1310
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:128
- http://www.novell.com/linux/security/advisories/2007_14_sr.html
- http://www.novell.com/linux/security/advisories/2007_39_libexif.html
- http://www.securityfocus.com/archive/1/472046/100/0/threaded
- http://www.securityfocus.com/bid/24461
- http://www.securitytracker.com/id?1018240
- http://www.ubuntu.com/usn/usn-478-1
- http://www.vupen.com/english/advisories/2007/2165
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34851
- https://issues.rpath.com/browse/RPL-1482
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9349
- https://rhn.redhat.com/errata/RHSA-2007-0501.html