GLSA-200712-16 : Exiv2: Integer overflow

High Nessus Plugin ID 29813


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200712-16 (Exiv2: Integer overflow)

Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the JpegThumbnail::setDataArea() method leading to a heap-based buffer overflow.

Impact :

An attacker could entice the user of an application making use of Exiv2 or an application included in Exiv2 to load an image file with specially crafted Exif tags, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround :

There is no known workaround at this time.


All Exiv2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-gfx/exiv2-0.13-r1'

Plugin Details

Severity: High

ID: 29813

File Name: gentoo_GLSA-200712-16.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2007/12/31

Modified: 2015/04/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:exiv2, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2007/12/29

Reference Information

CVE: CVE-2007-6353

BID: 26918

OSVDB: 40249

GLSA: 200712-16

CWE: 189