Secunia Security Advisory - Victor Stinner has reported a vulnerability in libexif, which can be exploited by malicious people to cause a DoS and potentially compromise an application using the library.
84f540750fc4e1bbc7d3a828cdb9d0f349005dff4e2a9878f4a2bfbe650f4596
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
Join the FREE BETA test of the Network Software Inspector (NSI)!
http://secunia.com/network_software_inspector/
The NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
libexif EXIF Information Handling Vulnerability
SECUNIA ADVISORY ID:
SA25235
VERIFY ADVISORY:
http://secunia.com/advisories/25235/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
libexif 0.x
http://secunia.com/product/4755/
DESCRIPTION:
Victor Stinner has reported a vulnerability in libexif, which can be
exploited by malicious people to cause a DoS and potentially
compromise an application using the library.
The vulnerability is caused due to an error within the handling of
malformed EXIF information. This can be exploited to crash an
application using the library and may allow execution of arbitrary
code.
SOLUTION:
Update to version 0.6.14.
http://sourceforge.net/project/showfiles.php?group_id=12272
PROVIDED AND/OR DISCOVERED BY:
Victor Stinner
ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?release_id=507447
http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------