Detections
Analytics
Mandriva Linux Security Advisory : libexif (MDVSA-2008:005)
medium Nessus Plugin ID 36369
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash (CVE-2007-6351).An integer overflow flaw was also found in how libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash or execute arbitrary code with the privileges of the user executing the application (CVE-2007-6352).
The updated packages have been patched to correct these issues.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 36369
File Name: mandriva_MDVSA-2008-005.nasl
Version: 1.14
Type: local
Family: Mandriva Local Security Checks
Published: 4/23/2009
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:lib64exif-devel, p-cpe:/a:mandriva:linux:lib64exif12, p-cpe:/a:mandriva:linux:lib64exif12-devel, p-cpe:/a:mandriva:linux:libexif-devel, p-cpe:/a:mandriva:linux:libexif12, p-cpe:/a:mandriva:linux:libexif12-devel, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1, cpe:/o:mandriva:linux:2008.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 1/9/2008
Reference Information
CVE: CVE-2007-6351, CVE-2007-6352
CWE: 189
MDVSA: 2008:005