CVE-2006-4168

Current Description

Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.

Basic Data

PublishedJune 14, 2007
Last ModifiedOctober 17, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.8
SeverityMEDIUM
Exploitability Score8.6
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationLibexifLibexif0.6.9*******
    2.3ApplicationLibexifLibexif0.6.11*******
    2.3ApplicationLibexifLibexif0.6.12*******
    2.3ApplicationLibexifLibexif0.6.13*******
    2.3ApplicationLibexifLibexif0.6.14*******
    2.3ApplicationLibexifLibexif0.6.15*******

Vulnerable Software List

VendorProductVersions
Libexif Libexif 0.6.11, 0.6.12, 0.6.13, 0.6.14, 0.6.15, 0.6.9

References

NameSourceURLTags
20070613 Multiple Vendor libexif Integer Overflow Heap Corruption Vulnerabilityhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=543IDEFENSEPatch Vendor Advisory
35379http://osvdb.org/35379OSVDB
25642http://secunia.com/advisories/25642SECUNIAPatch Vendor Advisory
25645http://secunia.com/advisories/25645SECUNIA
25674http://secunia.com/advisories/25674SECUNIA
25717http://secunia.com/advisories/25717/SECUNIA
25746http://secunia.com/advisories/25746SECUNIA
25768http://secunia.com/advisories/25768SECUNIA
25820http://secunia.com/advisories/25820SECUNIA
25842http://secunia.com/advisories/25842SECUNIA
25932http://secunia.com/advisories/25932SECUNIA
26083http://secunia.com/advisories/26083SECUNIA
GLSA-200706-09http://security.gentoo.org/glsa/glsa-200706-09.xmlGENTOO
http://sourceforge.net/project/shownotes.php?release_id=515385http://sourceforge.net/project/shownotes.php?release_id=515385CONFIRMPatch
DSA-1310http://www.debian.org/security/2007/dsa-1310DEBIAN
MDKSA-2007:128http://www.mandriva.com/security/advisories?name=MDKSA-2007:128MANDRIVA
SUSE-SR:2007:014http://www.novell.com/linux/security/advisories/2007_14_sr.htmlSUSE
SUSE-SA:2007:039http://www.novell.com/linux/security/advisories/2007_39_libexif.htmlSUSE
20070622 FLEA-2007-0028-1: libexifhttp://www.securityfocus.com/archive/1/472046/100/0/threadedBUGTRAQ
24461http://www.securityfocus.com/bid/24461BID
1018240http://www.securitytracker.com/id?1018240SECTRACK
USN-478-1http://www.ubuntu.com/usn/usn-478-1UBUNTU
ADV-2007-2165http://www.vupen.com/english/advisories/2007/2165VUPEN
multiple-libexif-exifdataloaddataentry-bo(34851)https://exchange.xforce.ibmcloud.com/vulnerabilities/34851XF
https://issues.rpath.com/browse/RPL-1482https://issues.rpath.com/browse/RPL-1482CONFIRM
oval:org.mitre.oval:def:9349https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9349OVAL
RHSA-2007:0501https://rhn.redhat.com/errata/RHSA-2007-0501.htmlREDHAT