Wednesday, June 13, 2007

[UNIX] Multiple Vendor libexif Integer Overflow Heap Corruption Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Multiple Vendor libexif Integer Overflow Heap Corruption Vulnerability
------------------------------------------------------------------------


SUMMARY

<http://en.wikipedia.org/wiki/Exif> Exchangeable image file format (Exif)
is "an industry standard image tagging technology used by many digital
camera devices. libexif is an open source library for handling the Exif
format". Remote exploitation of an integer overflow vulnerability in
libexif, as included in various vendors' operating system distributions,
could allow attackers to crash the process or execute arbitrary code.

DETAILS

Vulnerable Systems:
* libexif version 0.6.13 through 0.6.15

Immune Systems:
* libexif version 0.6.16

The problem exists while parsing a tagged image with a large number of
Exif components. Applications using this library are susceptible to a heap
overflow when an integer overflow is triggered in the
exif_data_load_data_entry function.
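
The advisory does not show the affected code. The C sketch below is an added illustration of the bug class it describes, not libexif source: an entry's byte size computed as format size times component count wraps in 32-bit arithmetic, and a checked form rejects the entry instead. All function names and sample values are hypothetical, and the range check goes one step beyond the advisory's text to show the matching offset validation.

```c
/* Added illustration; not libexif source. All names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

/* Unchecked form: the 32-bit product wraps for large component counts,
 * so a huge entry can appear to need only a few bytes. */
static uint32_t entry_size_unchecked(uint32_t format_size, uint32_t components)
{
    return format_size * components;
}

/* Checked form: returns 1 and stores the byte count only when
 * format_size * components is non-zero and fits in 32 bits. */
static int entry_size_checked(uint32_t format_size, uint32_t components,
                              uint32_t *out)
{
    if (format_size == 0 || components == 0)
        return 0;
    if (components > UINT32_MAX / format_size)
        return 0;                      /* product would wrap */
    *out = format_size * components;
    return 1;
}

/* Returns 1 only if [offset, offset + len) lies inside a buffer of
 * buf_size bytes. Written so that offset + len is never computed,
 * because that sum can wrap as well. */
static int range_in_buffer(uint32_t offset, uint32_t len, uint32_t buf_size)
{
    return offset <= buf_size && len <= buf_size - offset;
}

int main(void)
{
    /* Constructed values: 4-byte format, count chosen so the product wraps. */
    uint32_t fmt = 4, comps = 0x40000001u, s = 0;

    printf("unchecked size: %u\n", (unsigned)entry_size_unchecked(fmt, comps));
    printf("checked form accepts entry: %d\n",
           entry_size_checked(fmt, comps, &s));
    printf("offset 16, len 32 inside 64-byte buffer: %d\n",
           range_in_buffer(16, 32, 64));
    return 0;
}
```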

Analysis:
Exploitation requires that a targeted user process a malicious image using
one of several available tools that utilize libexif for Exif tag parsing.
These tools include, but are not limited to, several applications included
in the GNOME and KDE desktops.

Vendor response:
The libexif maintainers have released version 0.6.16 of libexif to address
this vulnerability.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4168>
CVE-2006-4168

Disclosure Timeline:
08/16/2006 - Initial vendor notification
06/05/2007 - Second vendor notification
06/11/2007 - Initial vendor response
06/13/2007 - Coordinated public disclosure


ADDITIONAL INFORMATION

The information has been provided by
<mailto:idlabs-advisories@idefense.com> iDefense Labs Security Advisories.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=543>
