[Frugalware-darcs] homepage-ng: FSA211-libexif

voroskoi voroskoi at frugalware.org
Sun Jul 1 10:46:35 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070701084538-dd049-16c580f17e2a01a895f5953aaa6f1e27fd05b6bd.gz;

[FSA211-libexif
voroskoi <voroskoi at frugalware.org>**20070701084538] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>211</id>
+		<date>2007-07-01</date>
+		<author>voroskoi</author>
+		<package>libexif</package>
+		<vulnerable>0.6.13-2terminus1</vulnerable>
+		<unaffected>0.6.13-2terminus2</unaffected>
+		<bts>http://bugs.frugalware.org/task/2197</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4168</cve>
+		<desc>A vulnerability has been reported in libexif, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
+			The vulnerability is caused due to an integer overflow error within the "exif_data_load_data_entry()" function when handling EXIF component information and can be exploited to cause a heap based buffer overflow.
+			Successful exploitation may allow an attacker to crash an application using the library or to execute arbitrary code.</desc>
+	</fsa>
}


More information about the Frugalware-darcs mailing list