CVE-2006-4168

Current Description

Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.

Basic Data

Published	June 14, 2007
Last Modified	October 17, 2018
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	NVD-CWE-Other
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	MEDIUM
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	PARTIAL
CVSS 2 - Availability Impact	PARTIAL
CVSS 2 - Base Score	6.8
Severity	MEDIUM
Exploitability Score	8.6
Impact Score	6.4
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	true

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	Application	Libexif	Libexif	0.6.9	*	*	*	*	*	*	*
2.3	Application	Libexif	Libexif	0.6.11	*	*	*	*	*	*	*
2.3	Application	Libexif	Libexif	0.6.12	*	*	*	*	*	*	*
2.3	Application	Libexif	Libexif	0.6.13	*	*	*	*	*	*	*
2.3	Application	Libexif	Libexif	0.6.14	*	*	*	*	*	*	*
2.3	Application	Libexif	Libexif	0.6.15	*	*	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Libexif	Libexif	0.6.11, 0.6.12, 0.6.13, 0.6.14, 0.6.15, 0.6.9

References

Name	Source	URL	Tags
20070613 Multiple Vendor libexif Integer Overflow Heap Corruption Vulnerability	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=543	IDEFENSE	PATCH Vendor Advisory
35379	http://osvdb.org/35379	OSVDB
25642	http://secunia.com/advisories/25642	SECUNIA	PATCH Vendor Advisory
25645	http://secunia.com/advisories/25645	SECUNIA
25674	http://secunia.com/advisories/25674	SECUNIA
25717	http://secunia.com/advisories/25717/	SECUNIA
25746	http://secunia.com/advisories/25746	SECUNIA
25768	http://secunia.com/advisories/25768	SECUNIA
25820	http://secunia.com/advisories/25820	SECUNIA
25842	http://secunia.com/advisories/25842	SECUNIA
25932	http://secunia.com/advisories/25932	SECUNIA
26083	http://secunia.com/advisories/26083	SECUNIA
GLSA-200706-09	http://security.gentoo.org/glsa/glsa-200706-09.xml	GENTOO
http://sourceforge.net/project/shownotes.php?release_id=515385	http://sourceforge.net/project/shownotes.php?release_id=515385	CONFIRM	PATCH
DSA-1310	http://www.debian.org/security/2007/dsa-1310	DEBIAN
MDKSA-2007:128	http://www.mandriva.com/security/advisories?name=MDKSA-2007:128	MANDRIVA
SUSE-SR:2007:014	http://www.novell.com/linux/security/advisories/2007_14_sr.html	SUSE
SUSE-SA:2007:039	http://www.novell.com/linux/security/advisories/2007_39_libexif.html	SUSE
20070622 FLEA-2007-0028-1: libexif	http://www.securityfocus.com/archive/1/472046/100/0/threaded	BUGTRAQ
24461	http://www.securityfocus.com/bid/24461	BID
1018240	http://www.securitytracker.com/id?1018240	SECTRACK
USN-478-1	http://www.ubuntu.com/usn/usn-478-1	UBUNTU
ADV-2007-2165	http://www.vupen.com/english/advisories/2007/2165	VUPEN
multiple-libexif-exifdataloaddataentry-bo(34851)	https://exchange.xforce.ibmcloud.com/vulnerabilities/34851	XF
https://issues.rpath.com/browse/RPL-1482	https://issues.rpath.com/browse/RPL-1482	CONFIRM
oval:org.mitre.oval:def:9349	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9349	OVAL
RHSA-2007:0501	https://rhn.redhat.com/errata/RHSA-2007-0501.html	REDHAT