Novell Home

CVE-2007-2645

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2007-2645 at MITRE

Description

Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 281287

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.1
  • libexif5 >= 0.5.12-17.7
SUSE LINUX 10.0
  • libexif >= 0.6.13-5.6
  • libexif-32bit >= 0.6.13-5.6
  • libexif-64bit >= 0.6.13-5.6
SUSE LINUX 10.0
  • libexif5 >= 0.5.12-5.3
SUSE LINUX Retail Solution 8
SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • libexif >= 0.5.3-114
ul1.s390
sles9-oes.x86
slrs8.x86
core9.s390
YOU Patch Nr: 11555
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • libexif >= 0.5.12-118.10
ul1.s390
sles9-oes.x86
slrs8.x86
core9.s390
YOU Patch Nr: 11555
Novell Linux Desktop 9 for x86_64
  • libexif >= 0.5.12-118.10
  • libexif-32bit >= 9-200706190007
ul1.s390
sles9-oes.x86
slrs8.x86
core9.s390
YOU Patch Nr: 11555
SUSE LINUX 10.1
  • libexif >= 0.6.13-20.6
  • libexif-32bit >= 0.6.13-20.6
  • libexif-64bit >= 0.6.13-20.6

© 2014 Novell