This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200706-01
(libexif: Integer overflow vulnerability)
Victor Stinner reported an integer overflow in the
exif_data_load_data_entry() function from file exif-data.c while
handling Exif data.
An attacker could entice a user to process a file with specially
crafted Exif extensions with an application making use of libexif,
which will trigger the integer overflow and potentially execute
arbitrary code or crash the application.
There is no known workaround at this time.
See also :
All libexif users should upgrade to the latest version. Please note
that users upgrading from '<=media-libs/libexif-0.6.13' should also run
revdep-rebuild after their upgrade.
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/libexif-0.6.15'
# revdep-rebuild --library=/usr/lib/libexif.so
Risk factor :
High / CVSS Base Score : 9.3
Family: Gentoo Local Security Checks
Nessus Plugin ID: 25438 (gentoo_GLSA-200706-01.nasl)
CVE ID: CVE-2007-2645
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.