Vulnerability Details : CVE-2007-6352
Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2007-6352
- cpe:2.3:a:libexif:libexif:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6352
2.16%
Probability of exploitation activity in the next 30 days
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-6352
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2007-6352
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6352
- http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00597.html
  [SECURITY] Fedora 7 Update: libexif-0.6.15-3.fc7
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00626.html
  [SECURITY] Fedora 8 Update: libexif-0.6.15-5.fc8
- http://www.securityfocus.com/archive/1/485822/100/0/threaded
- http://bugs.gentoo.org/show_bug.cgi?id=202350
  202350 – media-libs/libexif < 0.6.16-r1 Multiple vulnerabilities (CVE-2007-{6351,6352})
- http://www.debian.org/security/2008/dsa-1487
  [SECURITY] [DSA 1487-1] New libexif packages fix several vulnerabilities
- http://security.gentoo.org/glsa/glsa-200712-15.xml
  libexif: Multiple vulnerabilities (GLSA 200712-15) — Gentoo security
- http://www.securitytracker.com/id?1019124
- https://issues.rpath.com/browse/RPL-2068
- http://www.vupen.com/english/advisories/2007/4278
  Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11029
- https://bugzilla.redhat.com/show_bug.cgi?id=425621
  425621 – CVE-2007-6351 CVE-2007-6352 libexif various flaws [F7]
- https://bugzilla.redhat.com/show_bug.cgi?id=425631
  425631 – CVE-2007-6351 CVE-2007-6352 libexif various flaws [F8]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4814
- http://www.ubuntu.com/usn/usn-654-1
  USN-654-1: libexif vulnerabilities | Ubuntu security notices | Ubuntu
- http://www.redhat.com/support/errata/RHSA-2007-1166.html
  Support (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39167
  libexif exif_data_load_data_thumbnail function buffer overflow CVE-2007-6352 Vulnerability Report
- http://www.redhat.com/support/errata/RHSA-2007-1165.html
  Support (Vendor Advisory)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-234701-1
- http://www.securityfocus.com/bid/26942
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:005
  Mandriva
- https://bugzilla.redhat.com/show_bug.cgi?id=425561
  425561 – (CVE-2007-6352) CVE-2007-6352 libexif integer overflow
- http://www.vupen.com/english/advisories/2008/0947/references
  Vendor Advisory