[Pkg-phototools-devel] Bug#557137: libexif: CVE-2009-3895: heap buffer overflow when processing certain images
Raphael Geissert
geissert at debian.org
Thu Nov 19 20:16:36 UTC 2009
Package: libexif12
Version: 0.6.18-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libexif.
Vulnerability description[0]:
> A flaw in libexif was discovered that causes a heap buffer to overflow
> when certain invalid EXIF images are processed. The flaw occurs in the
> tag fixup routine which attempts to convert in place an array of 8-bit
> integers into 16-bit integers. This fixup is performed by default after
> reading an image and until version 0.6.18 there was no easy way to disable
> it, so it is likely that nearly all applications using libexif to read
> images are vulnerable.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://article.gmane.org/gmane.comp.graphics.libexif.devel/806
http://security-tracker.debian.org/tracker/CVE-2009-3895
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
More information about the Pkg-phototools-devel
mailing list