Lucene search

MitreCVE-2007-6352

HistoryDec 20, 2007 - 2:46 a.m.

CVE-2007-6352

2007-12-2002:46:00

CWE-189

mitre

web.nvd.nist.gov

cve-2007-6352

integer overflow

libexif

arbitrary code execution

image processing

exif tags

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.022

Percentile

89.6%

JSON

Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.

Affected configurations

Nvd

Node

libexiflibexifRange≤0.6.16

VendorProductVersionCPE
libexiflibexif*cpe:2.3:a:libexif:libexif:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libexif	libexif	*	cpe:2.3:a:libexif:libexif::::::::

References

bugs.gentoo.org/show_bug.cgi?id=202350

osvdb.org/42653

secunia.com/advisories/28076

secunia.com/advisories/28127

secunia.com/advisories/28195

secunia.com/advisories/28266

secunia.com/advisories/28346

secunia.com/advisories/28400

secunia.com/advisories/28636

secunia.com/advisories/28776

secunia.com/advisories/29381

secunia.com/advisories/32274

security.gentoo.org/glsa/glsa-200712-15.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-234701-1

www.debian.org/security/2008/dsa-1487

www.mandriva.com/security/advisories?name=MDVSA-2008:005

www.novell.com/linux/security/advisories/suse_security_summary_report.html

www.redhat.com/support/errata/RHSA-2007-1165.html

www.redhat.com/support/errata/RHSA-2007-1166.html

www.securityfocus.com/archive/1/485822/100/0/threaded

www.securityfocus.com/bid/26942

www.securitytracker.com/id?1019124

www.ubuntu.com/usn/usn-654-1

www.vupen.com/english/advisories/2007/4278

www.vupen.com/english/advisories/2008/0947/references

bugzilla.redhat.com/show_bug.cgi?id=425561

bugzilla.redhat.com/show_bug.cgi?id=425621

bugzilla.redhat.com/show_bug.cgi?id=425631

exchange.xforce.ibmcloud.com/vulnerabilities/39167

issues.rpath.com/browse/RPL-2068

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11029

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4814

www.redhat.com/archives/fedora-package-announce/2007-December/msg00597.html

www.redhat.com/archives/fedora-package-announce/2007-December/msg00626.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.022

Percentile

89.6%

JSON

Related for CVE-2007-6352