Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2007-2645
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-14 May, 2007 | 21:19
Updated At-16 Oct, 2018 | 16:44

Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
libexif
libexif
>>libexif>>0.5
cpe:2.3:a:libexif:libexif:0.5:*:*:*:*:*:*:*
libexif
libexif
>>libexif>>0.5.12
cpe:2.3:a:libexif:libexif:0.5.12:*:*:*:*:*:*:*
libexif
libexif
>>libexif>>0.6.9
cpe:2.3:a:libexif:libexif:0.6.9:*:*:*:*:*:*:*
libexif
libexif
>>libexif>>0.6.11
cpe:2.3:a:libexif:libexif:0.6.11:*:*:*:*:*:*:*
libexif
libexif
>>libexif>>0.6.12
cpe:2.3:a:libexif:libexif:0.6.12:*:*:*:*:*:*:*
libexif
libexif
>>libexif>>0.6.13
cpe:2.3:a:libexif:libexif:0.6.13:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2007-05-24T00:00:00

Red Hat does not consider this flaw to have security consequences. For more details please see the following: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240055

References
HyperlinkSourceResource
http://osvdb.org/35978cve@mitre.org
N/A
http://secunia.com/advisories/25235cve@mitre.org
Patch
Vendor Advisory
http://secunia.com/advisories/25540cve@mitre.org
N/A
http://secunia.com/advisories/25569cve@mitre.org
N/A
http://secunia.com/advisories/25599cve@mitre.org
N/A
http://secunia.com/advisories/25621cve@mitre.org
N/A
http://secunia.com/advisories/25932cve@mitre.org
N/A
http://secunia.com/advisories/26083cve@mitre.org
N/A
http://secunia.com/advisories/28776cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-200706-01.xmlcve@mitre.org
N/A
http://sourceforge.net/project/shownotes.php?release_id=507447cve@mitre.org
Patch
http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272cve@mitre.org
N/A
http://www.debian.org/security/2008/dsa-1487cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2007:118cve@mitre.org
N/A
http://www.novell.com/linux/security/advisories/2007_14_sr.htmlcve@mitre.org
N/A
http://www.novell.com/linux/security/advisories/2007_39_libexif.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/470502/100/100/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/23927cve@mitre.org
Exploit
Patch
http://www.ubuntu.com/usn/usn-471-1cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2007/1761cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/34233cve@mitre.org
N/A
https://issues.rpath.com/browse/RPL-1431cve@mitre.org
N/A
Change History
0Changes found
Details not found