CVE-2006-4168 Affecting libexif package, versions <0.6.16-1
Threat Intelligence
EPSS
26.07% (97th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN9-LIBEXIF-325995
- published 14 Jun 2007
- disclosed 14 Jun 2007
Introduced: 14 Jun 2007
CVE-2006-4168 Open this link in a new tabHow to fix?
Upgrade Debian:9 libexif to version 0.6.16-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream libexif package and not the libexif package as distributed by Debian.
See How to fix? for Debian:9 relevant fixed versions and status.
Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.
References
- http://www.securityfocus.com/archive/1/472046/100/0/threaded
- https://issues.rpath.com/browse/RPL-1482
- http://sourceforge.net/project/shownotes.php?release_id=515385
- http://www.debian.org/security/2007/dsa-1310
- https://security-tracker.debian.org/tracker/CVE-2006-4168
- http://security.gentoo.org/glsa/glsa-200706-09.xml
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=543
- http://osvdb.org/35379
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9349
- https://rhn.redhat.com/errata/RHSA-2007-0501.html
- http://secunia.com/advisories/25642
- http://secunia.com/advisories/25645
- http://secunia.com/advisories/25674
- http://secunia.com/advisories/25717/
- http://secunia.com/advisories/25746
- http://secunia.com/advisories/25768
- http://secunia.com/advisories/25820
- http://secunia.com/advisories/25842
- http://secunia.com/advisories/25932
- http://secunia.com/advisories/26083
- http://www.securityfocus.com/bid/24461
- http://www.securitytracker.com/id?1018240
- http://www.novell.com/linux/security/advisories/2007_14_sr.html
- http://www.novell.com/linux/security/advisories/2007_39_libexif.html
- http://www.ubuntu.com/usn/usn-478-1
- http://www.vupen.com/english/advisories/2007/2165
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34851
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:128
CVSS Scores
version 3.1