CVE-2009-3895
published 2009-11-20CVE-2009-3895: Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows remote attackers to…
medium6.8CVSS 3.1
AVNACMAuNCPIPAP
Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid EXIF image. NOTE: some of these details are obtained from third party information.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libexif | < libexif 0.6.19-1 (bookworm) | libexif 0.6.19-1 (bookworm) |
| libexif_project | libexif | — | — |
| libexif_project | libexif | >= 0 < 0.6.19-1 | 0.6.19-1 |
| libexif_project | libexif | >= 0 < 0.6.19-1 | 0.6.19-1 |
| libexif_project | libexif | >= 0 < 0.6.19-1 | 0.6.19-1 |
| libexif_project | libexif | >= 0 < 0.6.19-1 | 0.6.19-1 |
CVSS provenance
nvd6.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM