Vendor: libexif
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 190 (Integer-Overflow)
Product Name: libexif
Affected Version From: All versions prior to 0.6.14
Affected Version To: 2000.6.13
Patch Exists: YES
Related CVE: CVE-2007-2645
CPE: a:libexif_project:libexif
Other Scripts:
Platforms Tested: Unknown

Integer-Overflow Vulnerability in libexif

The libexif library is prone to an integer-overflow vulnerability because the software fails to properly ensure that integer math operations do not result in overflows. Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.

Mitigation:

Upgrade to libexif version 0.6.14 or later.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23927/info

Versions of libexif prior to 0.6.14 are vulnerable to this issue. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30024.jpg