This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200706-01
(libexif: Integer overflow vulnerability)
Victor Stinner reported an integer overflow in the
exif_data_load_data_entry() function from file exif-data.c while
handling Exif data.
An attacker could entice a user to process a file with specially
crafted Exif extensions with an application making use of libexif,
which will trigger the integer overflow and potentially execute
arbitrary code or crash the application.
There is no known workaround at this time.
See also :
All libexif users should upgrade to the latest version. Please note
that users upgrading from '<=media-libs/libexif-0.6.13' should also run
revdep-rebuild after their upgrade.
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/libexif-0.6.15'
# revdep-rebuild --library=/usr/lib/libexif.so
Risk factor :
High / CVSS Base Score : 9.3
Family: Gentoo Local Security Checks
Nessus Plugin ID: 25438 (gentoo_GLSA-200706-01.nasl)
CVE ID: CVE-2007-2645