Vulnerabilities > CVE-2007-6353 - Numeric Errors vulnerability in Exiv2

CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
exiv2
CWE-189
nessus

Summary

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

Vulnerable Configurations

Part Description Count
Application
Exiv2
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2008-006.NASL
    description: An integer overflow in the Exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. The updated packages have been patched to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36426
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36426
    title: Mandriva Linux Security Advisory : exiv2 (MDVSA-2008:006)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2008:006. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, the plugin only declares
    # its metadata (identity, references, scoring, prerequisites) and exits
    # before any package check runs.
    if (description)
    {
      script_id(36426);
      script_version ("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:50");
    
      # References tying this check to the CVE and to the vendor advisory.
      script_cve_id("CVE-2007-6353");
      script_xref(name:"MDVSA", value:"2008:006");
    
      script_name(english:"Mandriva Linux Security Advisory : exiv2 (MDVSA-2008:006)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An integer overflow in the Exiv2 library allows context-dependent
    attackers to execute arbitrary code via a crafted EXIF file that
    triggers a heap-based buffer overflow.
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CWE-189: the "Numeric Errors" weakness category.
      script_cwe_id(189);
    
      # "local" plugin: the result is derived from package data recorded for the
      # host (see the required keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE tags for the packages and OS releases named in the advisory.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:exiv2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64exiv2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64exiv2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libexiv2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libexiv2-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
    
      # The vendor patch (2008/01/10) predates this plugin (2009/04/23).
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # Prerequisites: depends on ssh_get_info.nasl and on knowledge-base keys for
      # local checks, CPU, release and the rpm list.
      # NOTE(review): presumably the plugin is not run at all when a required key
      # is absent -- confirm; in that case no result is not a clean result.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      # Metadata declared; stop here without evaluating the host.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
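    # Host check for MDVSA-2008:006. Everything below works from values already
    # stored in the knowledge base (release, CPU, rpm list); nothing here
    # exercises the exiv2 flaw itself.
    #
    # Preconditions. audit() comes from audit.inc (not shown here) and appears
    # to be used as a terminating call, so when one of these fires the plugin
    # reports nothing -- a missing finding does not prove the host is patched.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Fixed typo in the audit message ("Mandake" -> "Mandrake"), matching the
    # spelling used in the architecture audit below.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only amd64 / i386-i686 / x86_64 hosts are covered; any other architecture
    # is audited out as "local checks not implemented".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # One rpm_check() per package named in the advisory; `reference` is the
    # fixed package build for that release, and `cpu` selects the lib64 or the
    # 32-bit library package name.
    # NOTE(review): rpm_check() lives in rpm.inc (not shown); presumably it
    # flags an installed package older than `reference` -- confirm. A copy of
    # exiv2 installed outside rpm would not be seen by a package-list check.
    flag = 0;
    if (rpm_check(release:"MDK2007.1", reference:"exiv2-0.13-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64exiv2-0.13-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64exiv2-devel-0.13-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libexiv2-0.13-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libexiv2-devel-0.13-1.1mdv2007.1", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2008.0", reference:"exiv2-0.15-2.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64exiv2-0.15-2.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64exiv2-devel-0.15-2.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libexiv2-0.15-2.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libexiv2-devel-0.15-2.1mdv2008.0", yank:"mdv")) flag++;
    
    
    # Any hit raises a finding on port 0; the rpm report text is attached only
    # when report verbosity is above zero.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");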
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-655-1.NASL
    description: Meder Kydyraliev discovered that exiv2 did not correctly handle certain EXIF headers. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service, or possibly executing arbitrary code with user privileges. (CVE-2007-6353) Joakim Bildrulle discovered that exiv2 did not correctly handle Nikon lens EXIF information. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service. (CVE-2008-2696). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37662
    published: 2009-04-23
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/37662
    title: Ubuntu 7.04 / 7.10 / 8.04 LTS : exiv2 vulnerabilities (USN-655-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-655-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: with `description` set, the plugin declares its
    # metadata for USN-655-1 and exits; the dpkg checks are not reached here.
    if (description)
    {
      script_id(37662);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      # This advisory covers two CVEs, so a finding from this plugin does not by
      # itself say which of the two issues is unpatched.
      script_cve_id("CVE-2007-6353", "CVE-2008-2696");
      script_bugtraq_id(26918);
      script_xref(name:"USN", value:"655-1");
    
      script_name(english:"Ubuntu 7.04 / 7.10 / 8.04 LTS : exiv2 vulnerabilities (USN-655-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Meder Kydyraliev discovered that exiv2 did not correctly handle
    certain EXIF headers. If a user or automated system were tricked into
    processing a specially crafted image, a remote attacker could cause
    the application linked against libexiv2 to crash, leading to a denial
    of service, or possibly executing arbitrary code with user privileges.
    (CVE-2007-6353)
    
    Joakim Bildrulle discovered that exiv2 did not correctly handle Nikon
    lens EXIF information. If a user or automated system were tricked into
    processing a specially crafted image, a remote attacker could cause
    the application linked against libexiv2 to crash, leading to a denial
    of service. (CVE-2008-2696).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/655-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: exploitability not defined, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE-189: the "Numeric Errors" weakness category.
      script_cwe_id(189);
    
      # "local" plugin: the result is derived from the host's recorded dpkg
      # listing (see the required keys below), not from probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE tags for the packages and Ubuntu releases named in the advisory.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:exiv2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libexiv2-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libexiv2-0.12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libexiv2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libexiv2-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libexiv2-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/10/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Prerequisites: depends on ssh_get_info.nasl and on knowledge-base keys for
      # CPU, Ubuntu release and the dpkg listing. "Host/local_checks_enabled" is
      # not listed here; the check code after this block tests it explicitly.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      # Metadata declared; stop here without evaluating the host.
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Host check for USN-655-1, driven entirely by knowledge-base data (release
    # string, CPU, dpkg listing). Each audit() below is used as an early exit
    # with a reason, so a run that ends there produces no finding either way.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/Ubuntu/release");
    if (isnull(release))
      audit(AUDIT_OS_NOT, "Ubuntu");

    # Only the three releases named in the advisory are evaluated.
    release = chomp(release);
    if (!ereg(pattern:"^(7\.04|7\.10|8\.04)$", string:release))
      audit(AUDIT_OS_NOT, "Ubuntu 7.04 / 7.10 / 8.04", "Ubuntu " + release);

    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Architecture gate: anything that is neither x86_64 nor i386-i686 is
    # audited out as "local checks not implemented".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

    # Per release: the package names from the advisory, all compared against
    # that release's fixed version. Call order matches the advisory listing.
    flag = 0;

    foreach usn_pkg (make_list("exiv2", "libexiv2-0.12", "libexiv2-dev", "libexiv2-doc"))
    {
      if (ubuntu_check(osver:"7.04", pkgname:usn_pkg, pkgver:"0.12-0ubuntu2.1")) flag++;
    }

    foreach usn_pkg (make_list("exiv2", "libexiv2-0", "libexiv2-dev", "libexiv2-doc"))
    {
      if (ubuntu_check(osver:"7.10", pkgname:usn_pkg, pkgver:"0.15-1ubuntu2.1")) flag++;
    }

    foreach usn_pkg (make_list("exiv2", "libexiv2-2", "libexiv2-dev", "libexiv2-doc"))
    {
      if (ubuntu_check(osver:"8.04", pkgname:usn_pkg, pkgver:"0.16-3ubuntu1.1")) flag++;
    }

    # Any hit: raise a SECURITY_HOLE finding on port 0 with the dpkg report.
    if (flag)
    {
      security_report_v4(port:0, severity:SECURITY_HOLE, extra:ubuntu_report_get());
      exit(0);
    }

    # No hit: say whether packages were tested and found current, or whether
    # none of the advisory's packages is installed at all.
    tested = ubuntu_pkg_tests_get();
    if (tested)
      audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "exiv2 / libexiv2-0 / libexiv2-0.12 / libexiv2-2 / libexiv2-dev / etc");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-4551.NASL
    description: - Mon Dec 17 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 0.15-5 - CVE-2007-6353 (#425922) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29757
    published: 2007-12-24
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29757
    title: Fedora 8 : exiv2-0.15-5.fc8 (2007-4551)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-4551.
    #
    
    include("compat.inc");
    
    # Registration branch: with `description` set, the plugin declares its
    # metadata for Fedora advisory 2007-4551 and exits; no rpm check runs here.
    if (description)
    {
      script_id(29757);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      # References tying this check to the CVE, the Bugtraq entry and the
      # Fedora advisory.
      script_cve_id("CVE-2007-6353");
      script_bugtraq_id(26918);
      script_xref(name:"FEDORA", value:"2007-4551");
    
      script_name(english:"Fedora 8 : exiv2-0.15-5.fc8 (2007-4551)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description is the package changelog entry taken from the advisory:
      # it names the CVE and bug number but does not describe the flaw itself.
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Mon Dec 17 2007 Rex Dieter
        <rdieter[AT]fedoraproject.org> 0.15-5
    
        - CVE-2007-6353 (#425922)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=425921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=425922"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/006136.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?38ef90c2"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: exploitability not defined, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE-189: the "Numeric Errors" weakness category.
      script_cwe_id(189);
    
      # "local" plugin: the result is derived from the host's recorded rpm list
      # (see the required keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:exiv2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:exiv2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:exiv2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:exiv2-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Prerequisites: depends on ssh_get_info.nasl and on knowledge-base keys for
      # local checks, the RedHat-family release string and the rpm list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      # Metadata declared; stop here without evaluating the host.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check for Fedora advisory 2007-4551, working only from knowledge-base
    # data (release string, CPU, rpm list). Each audit() below is used as an
    # early exit with a reason; a run that ends there yields no finding.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # The release key is shared by the RedHat family, so the string must also
    # contain "Fedora".
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
      audit(AUDIT_OS_NOT, "Fedora");

    # Pull the numeric release out of the string and accept only Fedora 8.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver))
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (!ereg(pattern:"^8([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Architecture gate: x86_64 or i386-i686 only.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    # Compare each package from the advisory against its fixed 0.15-5.fc8 build.
    flag = 0;
    foreach fixed_rpm (make_list(
      "exiv2-0.15-5.fc8",
      "exiv2-debuginfo-0.15-5.fc8",
      "exiv2-devel-0.15-5.fc8",
      "exiv2-libs-0.15-5.fc8"))
    {
      if (rpm_check(release:"FC8", reference:fixed_rpm)) flag++;
    }

    # Any hit raises a finding on port 0; the rpm report is attached only when
    # report verbosity is above zero.
    if (flag)
    {
      if (report_verbosity > 0)
        security_hole(port:0, extra:rpm_report_get());
      else
        security_hole(0);
      exit(0);
    }

    # No hit: distinguish "tested and current" from "not installed".
    tested = pkg_tests_get();
    if (tested)
      audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "exiv2 / exiv2-debuginfo / exiv2-devel / exiv2-libs");
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1474.NASL
    description: Meder Kydyraliev discovered an integer overflow in the thumbnail handling of libexif [sic; the plugin title and its package checks refer to exiv2], the EXIF/IPTC metadata manipulation library, which could result in the execution of arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30066
    published: 2008-01-27
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30066
    title: Debian DSA-1474-1 : exiv2 - integer overflow
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1474. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: with `description` set, the plugin declares its
    # metadata for DSA-1474 and exits; the dpkg checks are not reached here.
    if (description)
    {
      script_id(30066);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      # References tying this check to the CVE and to the Debian advisory.
      script_cve_id("CVE-2007-6353");
      script_xref(name:"DSA", value:"1474");
    
      script_name(english:"Debian DSA-1474-1 : exiv2 - integer overflow");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # NOTE(review): the advisory text below says "libexif", but the plugin
      # name, the CPE and the package checks in this script are all for exiv2 /
      # libexiv2. libexif is a different library; triage this finding as exiv2.
      script_set_attribute(
        attribute:"description", 
        value:
    "Meder Kydyraliev discovered an integer overflow in the thumbnail
    handling of libexif, the EXIF/IPTC metadata manipulation library,
    which could result in the execution of arbitrary code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1474"
      );
      # The solution text carries the fixed version for etch (0.10-1.5), the
      # same version the package checks compare against.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the exiv2 packages.
    
    The old stable distribution (sarge) doesn't contain exiv2 packages.
    
    For the stable distribution (etch), this problem has been fixed in
    version 0.10-1.5."
      );
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CWE-189: the "Numeric Errors" weakness category.
      script_cwe_id(189);
    
      # "local" plugin: the result is derived from the host's recorded dpkg
      # listing (see the required keys below), not from probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:exiv2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # Prerequisites: depends on ssh_get_info.nasl and on knowledge-base keys for
      # local checks, the Debian release and the dpkg listing.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      # Metadata declared; stop here without evaluating the host.
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Host check for DSA-1474, working only from knowledge-base data (Debian
    # release and dpkg listing). Each audit() below is used as an early exit
    # with a reason; a run that ends there yields no finding.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release"))
      audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Debian 4.0 only: every exiv2 package from the advisory is compared with
    # the fixed version 0.10-1.5.
    flag = 0;
    foreach deb_prefix (make_list("exiv2", "libexiv2-0.10", "libexiv2-dev", "libexiv2-doc"))
    {
      if (deb_check(release:"4.0", prefix:deb_prefix, reference:"0.10-1.5")) flag++;
    }

    # Any hit raises a finding on port 0; the dpkg report is attached only when
    # report verbosity is above zero.
    if (flag)
    {
      if (report_verbosity > 0)
        security_hole(port:0, extra:deb_report_get());
      else
        security_hole(0);
      exit(0);
    }

    # No hit: record the host as not affected.
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200712-16.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200712-16 (Exiv2: Integer overflow) Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the JpegThumbnail::setDataArea() method leading to a heap-based buffer overflow. Impact : An attacker could entice the user of an application making use of Exiv2 or an application included in Exiv2 to load an image file with specially crafted Exif tags, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29813
    published: 2007-12-31
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29813
    title: GLSA-200712-16 : Exiv2: Integer overflow
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200712-16.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration branch: with `description` set, the plugin declares its
    # metadata for GLSA-200712-16 and exits; the package check is not reached.
    if (description)
    {
      script_id(29813);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      # References tying this check to the CVE, the Bugtraq entry and the GLSA.
      script_cve_id("CVE-2007-6353");
      script_bugtraq_id(26918);
      script_xref(name:"GLSA", value:"200712-16");
    
      script_name(english:"GLSA-200712-16 : Exiv2: Integer overflow");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      # Of the advisories quoted on this page, this text is the one that names
      # the affected method (JpegThumbnail::setDataArea()) and states that user
      # interaction -- loading a crafted image -- is part of the impact.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200712-16
    (Exiv2: Integer overflow)
    
        Meder Kydyraliev (Google Security) discovered an integer overflow
        vulnerability in the JpegThumbnail::setDataArea() method leading to a
        heap-based buffer overflow.
      
    Impact :
    
        An attacker could entice the user of an application making use of Exiv2
        or an application included in Exiv2 to load an image file with
        specially crafted Exif tags, possibly resulting in the execution of
        arbitrary code with the privileges of the user running the application.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200712-16"
      );
      # Remediation text: the first fixed ebuild is media-gfx/exiv2-0.13-r1, the
      # same boundary the package check uses.
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Exiv2 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=media-gfx/exiv2-0.13-r1'"
      );
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: exploit unproven, official fix available,
      # report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE-189: the "Numeric Errors" weakness category.
      script_cwe_id(189);
    
      # "local" plugin: the result is derived from the host's recorded package
      # list (see the required keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:exiv2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      # Prerequisites: depends on ssh_get_info.nasl and on knowledge-base keys for
      # local checks, the Gentoo release and the qpkg package list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      # Metadata declared; stop here without evaluating the host.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Host check for GLSA-200712-16, working only from knowledge-base data
    # (Gentoo release and qpkg package list). Each audit() below is used as an
    # early exit with a reason; a run that ends there yields no finding.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release"))
      audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Single version boundary: media-gfx/exiv2 below 0.13-r1 is listed as
    # vulnerable, 0.13-r1 and later as unaffected.
    flag = 0;
    if (qpkg_check(
          package    : "media-gfx/exiv2",
          unaffected : make_list("ge 0.13-r1"),
          vulnerable : make_list("lt 0.13-r1")))
    {
      flag++;
    }

    # A hit raises a finding on port 0; the qpkg report is attached only when
    # report verbosity is above zero.
    if (flag)
    {
      if (report_verbosity > 0)
        security_hole(port:0, extra:qpkg_report_get());
      else
        security_hole(0);
      exit(0);
    }

    # No hit: distinguish "tested and current" from "not installed".
    tested = qpkg_tests_get();
    if (tested)
      audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "Exiv2");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_LIBEXIV2-4850.NASL
    description: Specially crafted files could trigger an integer overflow in libexiv2 (CVE-2007-6353).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29787
    published: 2007-12-24
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29787
    title: openSUSE 10 Security Update : libexiv2 (libexiv2-4850)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update libexiv2-4850.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration branch: with `description` set, the plugin declares its
    # metadata for the libexiv2-4850 update and exits; no rpm check runs here.
    if (description)
    {
      script_id(29787);
      script_version ("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:30");
    
      # Only the CVE is referenced; this plugin declares no advisory xref.
      script_cve_id("CVE-2007-6353");
    
      script_name(english:"openSUSE 10 Security Update : libexiv2 (libexiv2-4850)");
      script_summary(english:"Check for the libexiv2-4850 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Specially crafted files could trigger an integer overflow in libexiv2
    (CVE-2007-6353)."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libexiv2 packages."
      );
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CWE-189: the "Numeric Errors" weakness category.
      script_cwe_id(189);
    
      # "local" plugin: the result is derived from the host's recorded rpm list
      # (see the required keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexiv2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexiv2-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # Prerequisites: depends on ssh_get_info.nasl and on knowledge-base keys for
      # local checks, the SuSE release, the rpm list and the CPU.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      # Metadata declared; stop here without evaluating the host.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check for the libexiv2-4850 update, working only from knowledge-base
    # data (release string, CPU, rpm list). Each audit() below is used as an
    # early exit with a reason; a run that ends there yields no finding.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # SLED / SLES releases are audited out as "not openSUSE"; of the remaining
    # releases only 10.2 and 10.3 are evaluated.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)")
      audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2|SUSE10\.3)$")
      audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Architecture gate: i586, i686 or x86_64 only.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch)
      audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$")
      audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

    # Fixed builds per release: 0.11-0.1 on 10.2 and 0.15-8.2 on 10.3, for both
    # the library and its -devel package.
    flag = 0;

    foreach fixed_rpm (make_list("libexiv2-0.11-0.1", "libexiv2-devel-0.11-0.1"))
    {
      if (rpm_check(release:"SUSE10.2", reference:fixed_rpm)) flag++;
    }
    foreach fixed_rpm (make_list("libexiv2-0.15-8.2", "libexiv2-devel-0.15-8.2"))
    {
      if (rpm_check(release:"SUSE10.3", reference:fixed_rpm)) flag++;
    }

    # Any hit raises a finding on port 0; the rpm report is attached only when
    # report verbosity is above zero.
    if (flag)
    {
      if (report_verbosity > 0)
        security_hole(port:0, extra:rpm_report_get());
      else
        security_hole(0);
      exit(0);
    }

    # No hit: distinguish "tested and current" from "not installed".
    tested = pkg_tests_get();
    if (tested)
      audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "libexiv2 / libexiv2-devel");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-4591.NASL
    description: - Mon Dec 17 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 0.15-5 - CVE-2007-6353 (#425922) - Tue Sep 18 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 0.15-4 - -libs: -Requires: %name - Tue Aug 21 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 0.15-3 - -libs subpkg to be multilib-friendlier (f8+) - Sat Aug 11 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 0.15-2 - License: GPLv2+ - Thu Jul 12 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 0.15-1 - exiv2-0.15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29761
    published: 2007-12-24
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29761
    title: Fedora 7 : exiv2-0.15-5.fc7 (2007-4591)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-4591.
    #
    
    include("compat.inc");
    
    # Metadata registration. When `description` is set, the script only
    # declares its identifiers, texts, scoring and prerequisites, then leaves
    # through exit(0) without running any check against the host.
    if (description)
    {
      script_id(29761);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      # Cross-references: the CVE, the Bugtraq id and the Fedora advisory number.
      script_cve_id("CVE-2007-6353");
      script_bugtraq_id(26918);
      script_xref(name:"FEDORA", value:"2007-4591");
    
      script_name(english:"Fedora 7 : exiv2-0.15-5.fc7 (2007-4591)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description text is the package changelog taken from the advisory.
      # Only its 0.15-5 entry names CVE-2007-6353, and it does not describe the
      # flaw itself; readers need the CVE record or the see_also links for that.
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Mon Dec 17 2007 Rex Dieter
        <rdieter[AT]fedoraproject.org> 0.15-5
    
        - CVE-2007-6353 (#425922)
    
        - Tue Sep 18 2007 Rex Dieter
          <rdieter[AT]fedoraproject.org> 0.15-4
    
        - -libs: -Requires: %name
    
        - Tue Aug 21 2007 Rex Dieter
          <rdieter[AT]fedoraproject.org> 0.15-3
    
        - -libs subpkg to be multilib-friendlier (f8+)
    
        - Sat Aug 11 2007 Rex Dieter
          <rdieter[AT]fedoraproject.org> 0.15-2
    
        - License: GPLv2+
    
        - Thu Jul 12 2007 Rex Dieter
          <rdieter[AT]fedoraproject.org> 0.15-1
    
        - exiv2-0.15
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # References: two Red Hat Bugzilla entries and the advisory announcement.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=425921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=425922"
      );
      # NOTE(review): the shortened nessus.org link below presumably resolves to
      # the package-announce URL in the next comment - confirm.
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/006114.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5486bf22"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected exiv2, exiv2-debuginfo and / or exiv2-devel
    packages."
      );
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial confidentiality / integrity / availability impact.
      # Temporal vector: exploitability not defined, official fix available,
      # report confirmed. The two exploit attributes below record that no
      # exploit was known to the plugin author.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189);
    
      # Declared as a "local" plugin, with CPE entries for the three Fedora
      # packages and for Fedora 7 itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:exiv2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:exiv2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:exiv2-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Declares ssh_get_info.nasl as a dependency and lists the knowledge-base
      # keys that must be present.
      # NOTE(review): the check body also reads Host/cpu, which is not listed
      # here; a missing value is handled there with an explicit isnull() test.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local package-version check for Fedora 7. It works only from
    # knowledge-base entries (get_kb_item) and the rpm_check() helper; it does
    # not exercise the exiv2 library. The only package data consulted is
    # Host/RedHat/rpm-list, so a copy of exiv2 built from source or bundled
    # with another application is not covered by this result.
    # NOTE(review): audit() comes from audit.inc (not shown); the code below
    # relies on it ending the script, e.g. `release` is used right after the
    # isnull() guard.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is the NASL "substring not found" operator: stop unless the release
    # string contains "Fedora".
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Pull the numeric release out of the string; os_ver[1] is the first
    # capture group of the pattern.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Accept only a version beginning with 7 that is not followed by another
    # digit, so 70 or 71 would not pass.
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: continue only for x86_64 or i386 through i686.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # flag counts how many rpm_check() calls returned true. Each call is its
    # own statement, so all three package references are always evaluated.
    # NOTE(review): rpm_check() is defined in rpm.inc (not shown); presumably it
    # is true when the installed package is older than the reference - confirm.
    flag = 0;
    if (rpm_check(release:"FC7", reference:"exiv2-0.15-5.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"exiv2-debuginfo-0.15-5.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"exiv2-devel-0.15-5.fc7")) flag++;
    
    
    if (flag)
    {
      # At least one package matched: raise the finding on port 0, attaching
      # the rpm report text when report verbosity is above 0.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Nothing matched: distinguish "packages were tested and are not
      # affected" from "none of the packages is installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "exiv2 / exiv2-debuginfo / exiv2-devel");
    }