Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60028
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:1165
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:1165.

The libexif packages contain the Exif library. Exif is an image file format
specification that enables metadata tags to be added to existing JPEG, TIFF
and RIFF files. The Exif library makes it possible to parse an Exif file
and read this metadata.

An infinite recursion flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to crash. (CVE-2007-6351)

An integer overflow flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to execute arbitrary code, or crash.
(CVE-2007-6352)

Users of libexif are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-1165.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-6351
BugTraq ID: 26976
http://www.securityfocus.com/bid/26976
Bugtraq: 20080105 rPSA-2008-0006-1 libexif (Google Search)
http://www.securityfocus.com/archive/1/485822/100/0/threaded
Debian Security Information: DSA-1487 (Google Search)
http://www.debian.org/security/2008/dsa-1487
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00597.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00626.html
http://security.gentoo.org/glsa/glsa-200712-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:005
https://bugzilla.redhat.com/show_bug.cgi?id=425551
http://osvdb.org/42652
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9420
http://www.redhat.com/support/errata/RHSA-2007-1165.html
http://www.securitytracker.com/id?1019124
http://secunia.com/advisories/28076
http://secunia.com/advisories/28127
http://secunia.com/advisories/28195
http://secunia.com/advisories/28266
http://secunia.com/advisories/28346
http://secunia.com/advisories/28400
http://secunia.com/advisories/28636
http://secunia.com/advisories/28776
http://secunia.com/advisories/32274
SuSE Security Announcement: SUSE-SR:2008:002 (Google Search)
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
http://www.ubuntu.com/usn/usn-654-1
http://www.vupen.com/english/advisories/2007/4278
XForce ISS Database: libexif-exifloaderwrit-dos(39166)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39166
Common Vulnerability Exposure (CVE) ID: CVE-2007-6352
BugTraq ID: 26942
http://www.securityfocus.com/bid/26942
http://osvdb.org/42653
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4814
http://www.redhat.com/support/errata/RHSA-2007-1166.html
http://secunia.com/advisories/29381
http://sunsolve.sun.com/search/document.do?assetkey=1-26-234701-1
http://www.vupen.com/english/advisories/2008/0947/references
XForce ISS Database: libexif-exifdataloaddatathumbnail-bo(39167)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39167
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.