iDefense Security Advisory 06.13.07 - Remote exploitation of a integer overflow vulnerability in libexif, as included in various vendors' operating system distributions, could allow attackers to crash the process or execute arbitrary code. The problem exists while parsing a tagged image with a large number of Exif components. Applications using this library are susceptible to a heap overflow when an integer overflow is triggered in the exif_data_load_data_entry function. iDefense confirmed the existence of this vulnerability in versions 0.6.13 through 0.6.15 of libexif.
1bcc90101ec9fadb6112f82dea431a7c3852d675c609a10ac528b1524cda77a3