EXIF Library EXIF Tag Parsing Unspecified Memory Corruption Vulnerability
BID:12744
Info
| Bugtraq ID: | 12744 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-0664 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | This vulnerability was discovered by Sylvain Defresne. |
| Vulnerable: | Peachtree Linux release 1; Mandriva Linux Mandrake 10.1 x86_64; Mandriva Linux Mandrake 10.1; Mandriva Linux Mandrake 10.0 AMD64; Mandriva Linux Mandrake 10.0; MandrakeSoft Corporate Server 3.0 x86_64; MandrakeSoft Corporate Server 3.0; libexif libexif 0.6.11; libexif libexif 0.6.9; libexif libexif 0.5.12 |
| Not Vulnerable: | |
Discussion
libexif is reported prone to a memory corruption vulnerability. It is reported that the issue presents itself when the affected library is processing malformed EXIF tags.
It is reported that this issue may be leveraged to execute arbitrary code in the context of an application that is linked to the vulnerable library.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Conectiva has released an advisory (CLSA-2005:960) along with fixes available dealing with this issue. Please see the referenced advisory for more information.
Peachtree Linux has released an advisory (PLSN-0006) and updates to address this issue. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.
Mandrake has released an advisory (MDKSA-2005:064) and updates to address this vulnerability. Please peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.
Ubuntu has released an advisory (USN-91-1) and updates to address this vulnerability. Please peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.
RedHat Fedora has released advisories FEDORA-2005-199 and FEDORA-2005-200 for their Fedora Core 2 and Core 3 products. Please see the referenced advisories for details on obtaining and applying fixes.
Gentoo has released advisory GLSA 200503-17 to address this issue. Updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=media-libs/libexif-0.5.12-r1"
Red Hat has released advisory RHSA-2005:300-08 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
SuSE Linux has released an advisory (SUSE-SR:2005:011) along with updates dealing with this issue. Please see the referenced advisory for more information.
Debian has released advisory DSA 709-1 along with fixes dealing with this issue. Please see the advisory for more information.
libexif libexif 0.5.12
- Fedora libexif-0.5.12-2.2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora libexif-0.5.12-2.2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora libexif-0.5.12-3.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora libexif-0.5.12-3.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora libexif-debuginfo-0.5.12-2.2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora libexif-debuginfo-0.5.12-2.2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora libexif-debuginfo-0.5.12-3.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora libexif-debuginfo-0.5.12-3.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora libexif-devel-0.5.12-2.2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora libexif-devel-0.5.12-2.2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora libexif-devel-0.5.12-3.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora libexif-devel-0.5.12-3.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Mandrake lib64exif9-0.5.12-3.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64exif9-0.5.12-3.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64exif9-0.5.12-3.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64exif9-devel-0.5.12-3.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64exif9-devel-0.5.12-3.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64exif9-devel-0.5.12-3.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libexif9-0.5.12-3.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libexif9-0.5.12-3.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libexif9-0.5.12-3.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libexif9-devel-0.5.12-3.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libexif9-devel-0.5.12-3.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libexif9-devel-0.5.12-3.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php
libexif libexif 0.6.9
- Ubuntu libexif-dev_0.6.9-1ubuntu0.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.9-1ubuntu0.1_amd64.deb
- Ubuntu libexif-dev_0.6.9-1ubuntu0.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.9-1ubuntu0.1_i386.deb
- Ubuntu libexif-dev_0.6.9-1ubuntu0.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.9-1ubuntu0.1_powerpc.deb
- Ubuntu libexif10_0.6.9-1ubuntu0.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6.9-1ubuntu0.1_amd64.deb
- Ubuntu libexif10_0.6.9-1ubuntu0.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6.9-1ubuntu0.1_i386.deb
- Ubuntu libexif10_0.6.9-1ubuntu0.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6.9-1ubuntu0.1_powerpc.deb
References
- Bugzilla Bug 7152 Improper boundary checking -> SIGSEGV (Ubuntu)
- CLSA-2005:960 : libexif (Conectiva)
- libexif Homepage (libexif)
- RHSA-2005:300-08 - libexif security update (RedHat)