CVE-2007-6353

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-6353
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=425921 Issue Tracking Third Party Advisory
http://secunia.com/advisories/28132 Broken Link
http://bugs.gentoo.org/show_bug.cgi?id=202351 Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html Third Party Advisory
http://security.gentoo.org/glsa/glsa-200712-16.xml Third Party Advisory
http://www.securityfocus.com/bid/26918 Broken Link Third Party Advisory VDB Entry
http://secunia.com/advisories/28178 Broken Link
http://secunia.com/advisories/28267 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:006 Broken Link
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html Mailing List Third Party Advisory
http://secunia.com/advisories/28412 Broken Link
http://www.debian.org/security/2008/dsa-1474 Third Party Advisory
http://secunia.com/advisories/28610 Broken Link
http://secunia.com/advisories/32273 Broken Link
http://www.ubuntu.com/usn/usn-655-1 Third Party Advisory
http://www.vupen.com/english/advisories/2007/4252 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/39118 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
History

19 Jul 2024, 13:04

Type Values Removed Values Added
CWE CWE-189 CWE-190
First Time Canonical
Canonical ubuntu Linux
Debian
Debian debian Linux
References (GENTOO) http://security.gentoo.org/glsa/glsa-200712-16.xml - (GENTOO) http://security.gentoo.org/glsa/glsa-200712-16.xml - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/26918 - (BID) http://www.securityfocus.com/bid/26918 - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/28412 - (SECUNIA) http://secunia.com/advisories/28412 - Broken Link
References (UBUNTU) http://www.ubuntu.com/usn/usn-655-1 - (UBUNTU) http://www.ubuntu.com/usn/usn-655-1 - Third Party Advisory
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=425921 - (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=425921 - Issue Tracking, Third Party Advisory
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html - Mailing List, Third Party Advisory
References (MISC) http://bugs.gentoo.org/show_bug.cgi?id=202351 - (MISC) http://bugs.gentoo.org/show_bug.cgi?id=202351 - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/28132 - Patch (SECUNIA) http://secunia.com/advisories/28132 - Broken Link
References (SECUNIA) http://secunia.com/advisories/28610 - (SECUNIA) http://secunia.com/advisories/28610 - Broken Link
References (DEBIAN) http://www.debian.org/security/2008/dsa-1474 - (DEBIAN) http://www.debian.org/security/2008/dsa-1474 - Third Party Advisory
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/28267 - (SECUNIA) http://secunia.com/advisories/28267 - Broken Link
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:006 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:006 - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/39118 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/39118 - Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/32273 - (SECUNIA) http://secunia.com/advisories/32273 - Broken Link
References (SECUNIA) http://secunia.com/advisories/28178 - (SECUNIA) http://secunia.com/advisories/28178 - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2007/4252 - (VUPEN) http://www.vupen.com/english/advisories/2007/4252 - Broken Link
CPE cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
Information

Published : 2007-12-20 01:46

Updated : 2024-07-19 13:04

NVD link : CVE-2007-6353

Mitre link : CVE-2007-6353

JSON object : View

Products Affected

debian

  • debian_linux

exiv2

  • exiv2

canonical

  • ubuntu_linux
CWE
CWE-190

Integer Overflow or Wraparound