Vulnerability Description
libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libexif Project | Libexif | <= 0.6.16 |
References
- http://bugs.gentoo.org/show_bug.cgi?id=202350
- http://osvdb.org/42652
- http://secunia.com/advisories/28076Vendor Advisory
- http://secunia.com/advisories/28127Vendor Advisory
- http://secunia.com/advisories/28195Vendor Advisory
- http://secunia.com/advisories/28266Vendor Advisory
- http://secunia.com/advisories/28346Vendor Advisory
- http://secunia.com/advisories/28400Vendor Advisory
- http://secunia.com/advisories/28636Vendor Advisory
- http://secunia.com/advisories/28776Vendor Advisory
- http://secunia.com/advisories/32274Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200712-15.xml
- http://www.debian.org/security/2008/dsa-1487
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:005
- http://www.novell.com/linux/security/advisories/suse_security_summary_report.htm
FAQ
What is CVE-2007-6351?
CVE-2007-6351 is a vulnerability with a CVSS score of 4.3 (MEDIUM). libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write funct...
How severe is CVE-2007-6351?
CVE-2007-6351 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6351?
Check the references section above for vendor advisories and patch information. Affected products include: Libexif Project Libexif.