Executive Summary
Summary | |
---|---|
Title | exiftags: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-200712-17 | First vendor Publication | 2007-12-29 |
Vendor | Gentoo | Last vendor Modification | 2007-12-29 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities in exiftags possibly allow for the execution of arbitrary code or a Denial of Service. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-200712-17.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-200712-17.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20166 | |||
Oval ID: | oval:org.mitre.oval:def:20166 | ||
Title: | DSA-1533-1 exiftags | ||
Description: | Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1533-1 CVE-2007-6354 CVE-2007-6355 CVE-2007-6356 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | exiftags |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7793 | |||
Oval ID: | oval:org.mitre.oval:def:7793 | ||
Title: | DSA-1533 exiftags -- insufficient input sanitising | ||
Description: | Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images. The Common Vulnerabilities and Exposures project identified the following three problems: Inadequate EXIF property validation could lead to invalid memory accesses if executed on a maliciously crafted image, potentially including heap corruption and the execution of arbitrary code. Flawed data validation could lead to integer overflows, causing other invalid memory accesses, also with the potential for memory corruption or arbitrary code execution. Cyclical EXIF image file directory (IFD) references could cause a denial of service (infinite loop). | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1533 CVE-2007-6354 CVE-2007-6355 CVE-2007-6356 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | exiftags |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200712-17 (exiftags) File : nvt/glsa_200712_17.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1533-1 (exiftags) File : nvt/deb_1533_1.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1533-2 (exiftags) File : nvt/deb_1533_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42648 | exiftags Unspecified Field Offset Overflow #1 |
42647 | exiftags JPEG Handling EXIF Data IFD References Recursion DoS |
42646 | exiftags Unspecified Field Offset Overflow #2 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-03-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1533.nasl - Type : ACT_GATHER_INFO |
2007-12-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200712-17.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:35:25 |
|