CVE-2007-6352 — Integer Overflow or Wraparound in Libexif

CWE-189 CWE-190 — Integer Overflow or Wraparound12 documents9 sources

Severity

6.8MEDIUMNVD

EPSS

3.4%

top 12.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libexif Project Libexif Libexif

Timeline

PublishedDec 20

Latest updateMay 1

Description

Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debianlibexif_project/libexif< 0.6.16-2.1+3

▶NVDlibexif/libexif0.6.16

🔴Vulnerability Details

GHSA

GHSA-wpmg-rx8c-q5g8: Integer overflow in libexif 0↗2022-05-01

▶

CVEList

CVE-2007-6352: Integer overflow in libexif 0↗2007-12-20

▶

OSV

CVE-2007-6352: Integer overflow in libexif 0↗2007-12-20

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office 2007/2010 - OLE Arbitrary Command Execution↗2014-11-12

▶

📋Vendor Advisories

Ubuntu

libexif vulnerabilities↗2008-10-14

▶

Red Hat

libexif integer overflow↗2007-12-14

▶

Debian

CVE-2007-6352: libexif - Integer overflow in libexif 0.6.16 and earlier allows context-dependent attacker...↗2007

▶

💬Community

Bugzilla

CVE-2007-6351 CVE-2007-6352 libexif various flaws [Fdevel]↗2007-12-14

▶

Bugzilla

CVE-2007-6351 CVE-2007-6352 libexif various flaws [F8]↗2007-12-14

▶

Bugzilla

CVE-2007-6352 libexif integer overflow↗2007-12-14

▶

Bugzilla

CVE-2007-6351 CVE-2007-6352 libexif various flaws [F7]↗2007-12-14

▶