CVE-2007-6353

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=202351	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html	Mailing List Third Party Advisory
http://secunia.com/advisories/28132	Broken Link
http://secunia.com/advisories/28178	Broken Link
http://secunia.com/advisories/28267	Broken Link
http://secunia.com/advisories/28412	Broken Link
http://secunia.com/advisories/28610	Broken Link
http://secunia.com/advisories/32273	Broken Link
http://security.gentoo.org/glsa/glsa-200712-16.xml	Third Party Advisory
http://www.debian.org/security/2008/dsa-1474	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:006	Broken Link
http://www.securityfocus.com/bid/26918	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-655-1	Third Party Advisory
http://www.vupen.com/english/advisories/2007/4252	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=425921	Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39118	Third Party Advisory VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04:::::::*

History

No history.

Information

Published : 2007-12-20 01:46

Updated : 2024-07-19 13:04

NVD link : CVE-2007-6353

Mitre link : CVE-2007-6353

CVE.ORG link : CVE-2007-6353

JSON object : View

Products Affected

debian

debian_linux

canonical

ubuntu_linux

exiv2

exiv2

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2007-6353", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-12-20T01:46:00.000", "references": [{"url": "http://bugs.gentoo.org/show_bug.cgi?id=202351", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28132", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28178", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28267", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28412", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28610", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32273", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200712-16.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1474", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:006", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26918", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-655-1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/4252", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=425921", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39118", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en exif.cpp en la libreria exiv2 permite a atacantes dependientes del contexto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de archivos EXIF manipulados que disparan un desbordamiento de b\u00fafer basado en pila."}], "lastModified": "2024-07-19T13:04:35.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1294CE89-6A55-4149-908C-453DE8B04391", "versionEndExcluding": "0.16"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10