CVE-2007-6351 — Project Libexif vulnerability

11 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

4.5%

top 10.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libexif Project Libexif

Timeline

PublishedDec 20

Latest updateMay 1

Description

libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Debianlibexif_project/libexif< 0.6.16-2.1+3

▶NVDlibexif_project/libexif0.6.16+2

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-4j78-c8h2-ff3f: libexif 0↗2022-05-01

▶

CVEList

CVE-2007-6351: libexif 0↗2007-12-20

▶

OSV

CVE-2007-6351: libexif 0↗2007-12-20

▶

📋Vendor Advisories

Ubuntu

libexif vulnerabilities↗2008-10-14

▶

Red Hat

libexif infinite recursion flaw (DoS)↗2007-12-14

▶

Debian

CVE-2007-6351: libexif - libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial ...↗2007

▶

💬Community

Bugzilla

CVE-2007-6351 CVE-2007-6352 libexif various flaws [Fdevel]↗2007-12-14

▶

Bugzilla

CVE-2007-6351 libexif infinite recursion flaw (DoS)↗2007-12-14

▶

Bugzilla

CVE-2007-6351 CVE-2007-6352 libexif various flaws [F8]↗2007-12-14

▶

Bugzilla

CVE-2007-6351 CVE-2007-6352 libexif various flaws [F7]↗2007-12-14

▶