CVE-2007-6353 — Integer Overflow or Wraparound in Exiv2

CWE-190 — Integer Overflow or Wraparound10 documents7 sources

Severity

7.5HIGHNVD

EPSS

2.3%

top 15.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2 Canonical Ubuntu Linux +1 more

Timeline

PublishedDec 20

Latest updateMay 1

Description

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDexiv2/exiv2< 0.16

▶debiandebian/exiv2< exiv2 0.15-2 (bookworm)

▶Debianexiv2/exiv2< 0.15-2+3

Also affects: Debian Linux 3.1, 4.0, Ubuntu Linux 7.04, 7.10, 8.04

🔴Vulnerability Details

GHSA

GHSA-g589-q56x-4rhp: Integer overflow in exif↗2022-05-01

▶

OSV

CVE-2007-6353: Integer overflow in exif↗2007-12-20

▶

📋Vendor Advisories

Ubuntu

exiv2 vulnerabilities↗2008-10-15

▶

Debian

CVE-2007-6353: exiv2 - Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers...↗2007

▶

Red Hat

exiv2: integer overflow in EXIF parsing↗

▶

💬Community

Bugzilla

CVE-2007-6353 exiv2: integer overflow in EXIF parsing↗2007-12-17

▶

Bugzilla

CVE-2007-6353 exiv2: integer overflow in EXIF parsing [EPEL-5]↗2007-12-17

▶

Bugzilla

CVE-2007-6353 exiv2: integer overflow in EXIF parsing [EPEL-4]↗2007-12-17

▶

Bugzilla

CVE-2007-2953 vim format string flaw↗2007-07-17

▶