In association with heise online

15 June 2007, 13:30

libexif lets in malicious code


Security service provider iDefense has reported a security vulnerability in the libexif open-source library which could allow attackers to inject and execute arbitrary code using manipulated images. libexif is used in numerous graphics programs, in desktops including KDE and Gnome, and in some software for web photo galleries.

Digital cameras often store preview images and information about shutter speeds and other camera settings in the Exif headers of photos. When processing images with too many entries in the Exif header, an integer overflow can occur in the exif_data_load_data_entry() function of libexif, resulting in a buffer overflow.
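The class of bug described above, shown as an added example that is neither libexif's code nor part of the original article: an entry's data size derived from attacker-controlled header fields, first with a wrapping 32-bit product and then with the checks a hardened loader would apply. It assumes the standard 12-byte TIFF/Exif entry layout in little-endian order; `naive_size`, `load_entry_checked` and `try_sample` are hypothetical names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Bytes per component for TIFF/Exif formats 1..12 (index 0 unused). */
static const uint8_t fmt_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

/* Little-endian readers; this sketch handles "II" byte order only. */
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const unsigned char *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked form (format assumed 1..12): the 32-bit product wraps for a
 * large component count, so the buffer sized from it is far too small. */
uint32_t naive_size(uint32_t count, uint16_t format) {
    return count * fmt_size[format];
}

/* Hypothetical hardened loader: copies the value of the 12-byte entry at
 * `off` in the TIFF block `buf` of `len` bytes. Returns malloc'd data and
 * sets *out_size, or returns NULL if the entry is malformed. */
unsigned char *load_entry_checked(const unsigned char *buf, size_t len,
                                  size_t off, size_t *out_size) {
    if (len < 12 || off > len - 12) return NULL;
    uint16_t format = rd16(buf + off + 2);
    uint32_t count = rd32(buf + off + 4);
    if (format < 1 || format > 12) return NULL;
    uint64_t size = (uint64_t)count * fmt_size[format]; /* cannot wrap */
    if (size == 0 || size > len) return NULL;
    /* Values of up to 4 bytes sit inline; larger ones at an offset. */
    size_t doff = size <= 4 ? off + 8 : rd32(buf + off + 8);
    if (doff > len - (size_t)size) return NULL;
    unsigned char *data = malloc((size_t)size);
    if (data == NULL) return NULL;
    memcpy(data, buf + doff, (size_t)size);
    *out_size = (size_t)size;
    return data;
}

/* Constructed sample: one RATIONAL (format 5) entry with `count` components
 * and its data at offset 12 of a 32-byte block. Returns bytes copied, or 0
 * if the entry was rejected. */
size_t try_sample(uint32_t count) {
    unsigned char buf[32] = {0x9a, 0x82, 5, 0, 0, 0, 0, 0, 12, 0, 0, 0};
    size_t n = 0;
    for (int i = 0; i < 4; i++) buf[4 + i] = (unsigned char)(count >> (8 * i));
    free(load_entry_checked(buf, sizeof buf, 0, &n));
    return n;
}
```

With a component count of 0x20000001 the unchecked product wraps to 8 bytes, while the checked loader rejects the same entry because its true size exceeds the block.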

According to iDefense, the error affects libexif 0.6.13 to 0.6.15. The library developers have provided Version 0.6.16 for download, which no longer contains the error. Numerous Linux distributors are also distributing updated packages, which users should install promptly.
