Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2007-6356 | First vendor Publication | 2007-12-18 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6356 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:20166 | |||
| Oval ID: | oval:org.mitre.oval:def:20166 | ||
| Title: | DSA-1533-1 exiftags | ||
| Description: | Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1533-1 CVE-2007-6354 CVE-2007-6355 CVE-2007-6356 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | exiftags |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7793 | |||
| Oval ID: | oval:org.mitre.oval:def:7793 | ||
| Title: | DSA-1533 exiftags -- insufficient input sanitising | ||
| Description: | Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images. The Common Vulnerabilities and Exposures project identified the following three problems: Inadequate EXIF property validation could lead to invalid memory accesses if executed on a maliciously crafted image, potentially including heap corruption and the execution of arbitrary code. Flawed data validation could lead to integer overflows, causing other invalid memory accesses, also with the potential for memory corruption or arbitrary code execution. Cyclical EXIF image file directory (IFD) references could cause a denial of service (infinite loop). | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1533 CVE-2007-6354 CVE-2007-6355 CVE-2007-6356 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | exiftags |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200712-17 (exiftags) File : nvt/glsa_200712_17.nasl |
| 2008-04-07 | Name : Debian Security Advisory DSA 1533-1 (exiftags) File : nvt/deb_1533_1.nasl |
| 2008-04-07 | Name : Debian Security Advisory DSA 1533-2 (exiftags) File : nvt/deb_1533_2.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 42647 | exiftags JPEG Handling EXIF Data IFD References Recursion DoS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-03-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1533.nasl - Type : ACT_GATHER_INFO |
| 2007-12-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200712-17.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:15:35 |
|
| 2024-11-28 12:14:11 |
|
| 2024-01-19 01:07:19 |
|
| 2021-05-04 12:06:47 |
|
| 2021-04-22 01:07:17 |
|
| 2020-05-23 00:20:52 |
|
| 2016-04-26 16:53:07 |
|
| 2014-02-17 10:42:53 |
|
| 2013-05-11 10:44:01 |
|
