Vulnerabilities > CVE-2006-4168 - Integer Overflow vulnerability in EXIF Library EXIF File Processing

CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
libexif
nessus

Summary

Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-605.NASL
    descriptionThe libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168 [sic; this flaw is tracked as CVE-2006-4168, the identifier the plugin itself registers]) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25589
    published2007-06-27
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25589
    titleFedora Core 5 : libexif-0.6.12-5 (2007-605)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-605.
    #
    
    include("compat.inc");
    
    # Description mode: when `description` is set, the script only registers its
    # metadata (id, CVE, advisory cross-reference, CVSS vector, CPEs, required
    # KB keys) and then exits; none of the package checks below are run.
    if (description)
    {
      script_id(25589);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      # Identifiers a finding from this plugin is correlated with.
      script_cve_id("CVE-2006-4168");
      script_xref(name:"FEDORA", value:"2007-605");
    
      script_name(english:"Fedora Core 5 : libexif-0.6.12-5 (2007-605)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      # NOTE(review): the advisory text below cites CVE-2007-4168, while
      # script_cve_id() above registers CVE-2006-4168. This looks like a typo
      # carried over from the extracted advisory text; anyone searching report
      # text by CVE should match on CVE-2006-4168 as well.
      script_set_attribute(
        attribute:"description", 
        value:
    "The libexif package contains the EXIF library. Applications use this
    library to parse EXIF image files.
    
    An integer overflow flaw was found in the way libexif parses EXIF
    image tags. If a victim opens a carefully crafted EXIF image file it
    could cause the application linked against libexif to execute
    arbitrary code or crash. (CVE-2007-4168)
    
    Users of libexif should upgrade to these updated packages, which
    contain a backported patch and are not vulnerable to this issue.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-June/002325.html
      # NOTE(review): the see_also value is a shortened, plain-http link; the URL
      # in the comment above is presumably its target - confirm before relying on it.
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?98750f99"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected libexif, libexif-debuginfo and / or libexif-devel
    packages."
      );
      # CVSS v2 base vector: network access, medium complexity, no authentication,
      # partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      # Declared as a "local" plugin; the body works from the package list stored
      # for the host (see the Host/RedHat/rpm-list key), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libexif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libexif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libexif-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/06/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # The three required keys are the same KB entries the body reads;
      # ssh_get_info.nasl is presumably the plugin that populates them - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions. Each guard hands off to audit() with a reason code when the
    # host is out of scope, so the package comparison further down is reached
    # only for a Fedora 5 host on a supported CPU with a stored RPM list.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is the "substring not found" operator: the release string must mention Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Capture the numeric release that follows "release " in the stored string.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Accept only a version that is "5" followed by a non-digit or end of string,
    # so a value that merely starts with 5 (e.g. "50") is not treated as Fedora 5.
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);
    
    # Without the stored RPM list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64 and i386 through i686 are handled; any other architecture is
    # reported as "local checks not implemented" rather than as not affected.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Compare the host's packages against the builds named in Fedora advisory
    # 2007-605. `flag` counts the rpm_check() calls that report a hit
    # (presumably: installed package older than the reference - confirm in rpm.inc).
    # This is a version comparison only; it says nothing about copies of libexif
    # that were not installed from these RPMs.
    flag = 0;
    foreach fixed_pkg (make_list(
      "libexif-0.6.12-5",
      "libexif-debuginfo-0.6.12-5",
      "libexif-devel-0.6.12-5"))
    {
      if (rpm_check(release:"FC5", reference:fixed_pkg)) flag++;
    }
    
    
    if (!flag)
    {
      # Nothing flagged: distinguish "packages were tested and are not affected"
      # from "none of the packages is installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libexif / libexif-debuginfo / libexif-devel");
    }
    else
    {
      # At least one package was flagged: raise a warning-level finding on port 0,
      # attaching the RPM comparison report when verbosity allows it.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0501.NASL
    descriptionUpdated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168 [sic; this flaw is tracked as CVE-2006-4168]) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25540
    published2007-06-18
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25540
    titleRHEL 4 / 5 : libexif (RHSA-2007:0501)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1310.NASL
    descriptionA vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.
    last seen2020-06-01
    modified2020-06-02
    plugin id25532
    published2007-06-18
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25532
    titleDebian DSA-1310-1 : libexif - integer overflow
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-0414.NASL
    descriptionThe libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168 [sic; this flaw is tracked as CVE-2006-4168]) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27666
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27666
    titleFedora 7 : libexif-0.6.15-2.fc7 (2007-0414)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-4608.NASL
    descriptionThis update fixes two recently discovered vulnerabilities in libexif, CVE-2007-6351 and CVE-2007-6352. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29762
    published2007-12-24
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29762
    titleFedora 7 : libexif-0.6.15-3.fc7 (2007-4608)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-128.NASL
    descriptionAnother integer overflow was found in the way libexif parses EXIF image tags. An individual who opened a carefully-crafted EXIF image file could cause the application linked against libexif to crash or possibly execute arbitrary code. Updated packages have been patched to prevent this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25563
    published2007-06-21
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25563
    titleMandrake Linux Security Advisory : libexif (MDKSA-2007:128)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0501.NASL
    descriptionFrom Red Hat Security Advisory 2007:0501 : Updated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168 [sic; this flaw is tracked as CVE-2006-4168]) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67524
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67524
    titleOracle Linux 4 / 5 : libexif (ELSA-2007-0501)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200706-09.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200706-09 (libexif: Buffer overflow) iDefense Labs have discovered that the exif_data_load_data_entry() function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an integer overflow possibly leading to a heap-based buffer overflow. Impact : An attacker could entice a user of an application making use of a vulnerable version of libexif to load a specially crafted image file, possibly resulting in a crash of the application or the execution of arbitrary code with the rights of the user running the application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id25594
    published2007-06-27
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25594
    titleGLSA-200706-09 : libexif: Buffer overflow
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0501.NASL
    descriptionUpdated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168 [sic; this flaw is tracked as CVE-2006-4168]) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25528
    published2007-06-18
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25528
    titleCentOS 4 / 5 : libexif (CESA-2007:0501)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-478-1.NASL
    descriptionSean Larsson discovered that libexif did not correctly verify the size of EXIF components. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28079
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28079
    titleUbuntu 6.06 LTS / 6.10 / 7.04 : libexif vulnerability (USN-478-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070614_LIBEXIF_ON_SL5_X__SL4_X.NASL
    descriptionAn integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168 [sic; this flaw is tracked as CVE-2006-4168])
    last seen2020-06-01
    modified2020-06-02
    plugin id60210
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60210
    titleScientific Linux Security Update : libexif on SL5.x, SL4.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-614.NASL
    descriptionThe libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168 [sic; this flaw is tracked as CVE-2006-4168]) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25619
    published2007-06-29
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25619
    titleFedora Core 6 : libexif-0.6.15-2.fc6 (2007-614)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2007-164-01.NASL
    descriptionNew libexif packages are available for Slackware 10.2, 11.0, and -current to fix a crash and potential security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25771
    published2007-07-27
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25771
    titleSlackware 10.2 / 11.0 / current : libexif (SSA:2007-164-01)

Oval

accepted2013-04-29T04:18:54.906-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionInteger overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.
familyunix
idoval:org.mitre.oval:def:9349
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleInteger overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.
version27

Redhat

advisories
bugzilla
id243888
titleCVE-2006-4168 libexif integer overflow
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentlibexif-devel is earlier than 0:0.5.12-5.1.0.2
          ovaloval:com.redhat.rhsa:tst:20070501001
        • commentlibexif-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070501002
      • AND
        • commentlibexif is earlier than 0:0.5.12-5.1.0.2
          ovaloval:com.redhat.rhsa:tst:20070501003
        • commentlibexif is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070501004
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentlibexif-devel is earlier than 0:0.6.13-4.0.2.el5
          ovaloval:com.redhat.rhsa:tst:20070501006
        • commentlibexif-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070501007
      • AND
        • commentlibexif is earlier than 0:0.6.13-4.0.2.el5
          ovaloval:com.redhat.rhsa:tst:20070501008
        • commentlibexif is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070501009
rhsa
idRHSA-2007:0501
released2008-01-07
severityModerate
titleRHSA-2007:0501: libexif integer overflow (Moderate)
rpms
  • libexif-0:0.5.12-5.1.0.2
  • libexif-0:0.6.13-4.0.2.el5
  • libexif-debuginfo-0:0.5.12-5.1.0.2
  • libexif-debuginfo-0:0.6.13-4.0.2.el5
  • libexif-devel-0:0.5.12-5.1.0.2
  • libexif-devel-0:0.6.13-4.0.2.el5