Test ID: 1.3.6.1.4.1.25623.1.0.59691
Category: Fedora Local Security Checks
Title: Fedora Core 7 FEDORA-2007-0414 (libexif)
Summary: NOSUMMARY
Description:

The remote host is missing an update to libexif
announced via advisory FEDORA-2007-0414.

Most digital cameras produce EXIF files, which are JPEG files with
extra tags that contain information about the image. The EXIF library
allows you to parse an EXIF file and read the data from those tags.

Update Information:

The libexif package contains the EXIF library. Applications
use this library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses
EXIF image tags. If a victim opens a carefully crafted EXIF
image file it could cause the application linked against
libexif to execute arbitrary code or crash. (CVE-2007-4168)

Users of libexif should upgrade to these updated packages,
which contain a backported patch and are not vulnerable to
this issue.
ChangeLog:

* Wed Jun 13 2007 Matthias Clasen - 0.6.15-2
- Add patch for CVE-2007-4168. Fix bug #243892
* Wed May 30 2007 Matthias Clasen - 0.6.15-1
- Update to 0.6.15
- Drop obsolete patch
* Thu May 24 2007 Matthias Clasen - 0.6.13-4
- Add patch for CVE-2007-2645.
References:

[ 1 ] Bug #243890
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243890
[ 2 ] CVE-2007-4168
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168
Updated packages:


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.

Solution: Apply the appropriate updates.

https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2007-0414

Risk factor: Critical

CVSS Score: 9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-4168
Common Vulnerability Exposure (CVE) ID: CVE-2007-2645
BugTraq ID: 23927
http://www.securityfocus.com/bid/23927
Bugtraq: 20070604 FLEA-2007-0024-1: libexif
http://www.securityfocus.com/archive/1/470502/100/100/threaded
Debian Security Information: DSA-1487
http://www.debian.org/security/2008/dsa-1487
http://security.gentoo.org/glsa/glsa-200706-01.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:118
http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272
http://osvdb.org/35978
http://secunia.com/advisories/25235
http://secunia.com/advisories/25540
http://secunia.com/advisories/25569
http://secunia.com/advisories/25599
http://secunia.com/advisories/25621
http://secunia.com/advisories/25932
http://secunia.com/advisories/26083
http://secunia.com/advisories/28776
SuSE Security Announcement: SUSE-SA:2007:039
http://www.novell.com/linux/security/advisories/2007_39_libexif.html
SuSE Security Announcement: SUSE-SR:2007:014
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.ubuntu.com/usn/usn-471-1
http://www.vupen.com/english/advisories/2007/1761
XForce ISS Database: libexif-exifdataloaddata-integer-overflow(34233)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34233
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
