CVE-2007-6353

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-6353
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://bugs.gentoo.org/show_bug.cgi?id=202351 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html Mailing List Third Party Advisory
http://secunia.com/advisories/28132 Broken Link
http://secunia.com/advisories/28178 Broken Link
http://secunia.com/advisories/28267 Broken Link
http://secunia.com/advisories/28412 Broken Link
http://secunia.com/advisories/28610 Broken Link
http://secunia.com/advisories/32273 Broken Link
http://security.gentoo.org/glsa/glsa-200712-16.xml Third Party Advisory
http://www.debian.org/security/2008/dsa-1474 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:006 Broken Link
http://www.securityfocus.com/bid/26918 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-655-1 Third Party Advisory
http://www.vupen.com/english/advisories/2007/4252 Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=425921 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39118 Third Party Advisory VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html Third Party Advisory
http://bugs.gentoo.org/show_bug.cgi?id=202351 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html Mailing List Third Party Advisory
http://secunia.com/advisories/28132 Broken Link
http://secunia.com/advisories/28178 Broken Link
http://secunia.com/advisories/28267 Broken Link
http://secunia.com/advisories/28412 Broken Link
http://secunia.com/advisories/28610 Broken Link
http://secunia.com/advisories/32273 Broken Link
http://security.gentoo.org/glsa/glsa-200712-16.xml Third Party Advisory
http://www.debian.org/security/2008/dsa-1474 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:006 Broken Link
http://www.securityfocus.com/bid/26918 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-655-1 Third Party Advisory
http://www.vupen.com/english/advisories/2007/4252 Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=425921 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39118 Third Party Advisory VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
History

No history.

Information

Published : 2007-12-20 01:46

Updated : 2025-04-09 00:30

NVD link : CVE-2007-6353

Mitre link : CVE-2007-6353

CVE.ORG link : CVE-2007-6353

JSON object : View

Products Affected

exiv2

  • exiv2

debian

  • debian_linux

canonical

  • ubuntu_linux
CWE
CWE-190

Integer Overflow or Wraparound