Debian Security Advisory

DSA-1487-1 libexif -- several vulnerabilities

Date Reported:
08 Feb 2008
Affected Packages:
libexif
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2007-2645, CVE-2007-6351, CVE-2007-6352.
More information:

Several vulnerabilities have been discovered in the EXIF parsing code of the libexif library, which can lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed image. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-2645

    Victor Stinner discovered an integer overflow, which may result in denial of service or potentially the execution of arbitrary code.

  • CVE-2007-6351

    Meder Kydyraliev discovered an infinite loop, which may result in denial of service.

  • CVE-2007-6352

    Victor Stinner discovered an integer overflow, which may result in denial of service or potentially the execution of arbitrary code.

This update also fixes two potential NULL pointer deferences.

For the old stable distribution (sarge), these problems have been fixed in 0.6.9-6sarge2.

For the stable distribution (etch), these problems have been fixed in version 0.6.13-5etch2.

We recommend that you upgrade your libexif packages.

Fixed in:

Debian GNU/Linux 3.1 (oldstable)

Source:
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9.orig.tar.gz
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge2.dsc
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge2.diff.gz
Alpha:
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_alpha.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_amd64.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_arm.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_i386.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_ia64.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_m68k.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_m68k.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_mips.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_s390.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_sparc.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_sparc.deb

Debian GNU/Linux 4.0 (stable)

Source:
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13.orig.tar.gz
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch2.dsc
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch2.diff.gz
Alpha:
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_alpha.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_amd64.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_arm.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_i386.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_ia64.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_mips.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_mipsel.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_powerpc.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_s390.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_sparc.deb
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_sparc.deb

MD5 checksums of the listed files are available in the original advisory.