Skip Quicknav

• About Debian
• News
• Getting Debian
• Support
• Developers' Corner
• Site map
• Search

Debian Security Advisory

DSA-1310-1 libexif -- integer overflow

Date Reported:

16 Jun 2007

Affected Packages:

libexif

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 424775.
In Mitre's CVE dictionary: CVE-2006-4168.

More information:

A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.

For the old-stable distribution (sarge), this problem has been fixed in version 0.6.9-6sarge1.

For the stable distribution (etch), this problem has been fixed in version 0.6.13-5etch1.

We recommend that you upgrade your libexif package.

Fixed in:

Debian GNU/Linux 3.1 (oldstable)

Source:

http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge1.diff.gz
Size/MD5 checksum: 4786 7f1c3acc1bd7a5cbba3d5902243641f3

http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge1.dsc
Size/MD5 checksum: 591 42d25baee97586f3ea1498a8f48ccf4a

http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9.orig.tar.gz
Size/MD5 checksum: 520956 0aa142335a8a00c32bb6c7dbfe95fc24

Alpha:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_alpha.deb
Size/MD5 checksum: 87472 b89fd309bcdbffe922868fdc94ae3995

http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_alpha.deb
Size/MD5 checksum: 87512 dfe1e955fa930314229d7bb60e3ff836

AMD64:

http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_amd64.deb
Size/MD5 checksum: 82032 4c5f701021eb2000bc3ef6f883567ce2

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_amd64.deb
Size/MD5 checksum: 67686 16b056d71ca768c86008dcee30866f60

ARM:

http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_arm.deb
Size/MD5 checksum: 77166 2aa58aba802cace8d19c69bde064353f

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_arm.deb
Size/MD5 checksum: 63856 c4d53b9592202e1fdd33488fd60c6d34

HP Precision:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_hppa.deb
Size/MD5 checksum: 72520 ee8e668619021e6b7835008ff995b7d9

http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_hppa.deb
Size/MD5 checksum: 87552 98de1cc25069f89469b2d27163f5899b

Intel IA-32:

http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_i386.deb
Size/MD5 checksum: 81852 c160054570be46b37aea3eab9b4eaccb

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_i386.deb
Size/MD5 checksum: 67106 d068596d9648d1ce07eab1cc960cc64c

Intel IA-64:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_ia64.deb
Size/MD5 checksum: 84206 0246ab59dabd154efd976ff66bc92f41

http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_ia64.deb
Size/MD5 checksum: 95380 154b1660da3aa9de555d2a01771069f6

Motorola 680x0:

http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_m68k.deb
Size/MD5 checksum: 79144 d4efcd6b0d598fbdb5f63a8737f49964

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_m68k.deb
Size/MD5 checksum: 57968 d746fafbc55a58c83920a6630b416365

Big-endian MIPS:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_mips.deb
Size/MD5 checksum: 68116 231d9384f29995322dca3d138aa0bd41

http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_mips.deb
Size/MD5 checksum: 77876 d245ced8cef61e9b29c01891fb28be83

Little-endian MIPS:

http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_mipsel.deb
Size/MD5 checksum: 77066 a803eeb2551df736a9ad6bfbcd4aec5d

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_mipsel.deb
Size/MD5 checksum: 67570 a4962d489742e261878d1e76072de447

IBM S/390:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_s390.deb
Size/MD5 checksum: 69688 921fe72654e3fb1d8f43dc40c67f2196

http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_s390.deb
Size/MD5 checksum: 82194 e452ad17bc755a7896789d72ba6a19ef

Sun Sparc:

http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_sparc.deb
Size/MD5 checksum: 80210 5af15c3f4ba80c2349b22e31fdace319

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_sparc.deb
Size/MD5 checksum: 66224 eff51355ec2cc7ad61a8cafd51b7827d

Debian GNU/Linux 4.0 (stable)

Source:

http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch1.dsc
Size/MD5 checksum: 611 1ef82262d96e0b157f7ee74bfad7cf1f

http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13.orig.tar.gz
Size/MD5 checksum: 727418 e5ad93c170bfb4fed6dc3e1c7a7948cb

http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch1.diff.gz
Size/MD5 checksum: 9163 476ae8f1ef4103144ca0f3ea59e88ca4

Alpha:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_alpha.deb
Size/MD5 checksum: 1067984 e5c33b25fd459761ea2d19d9142b5cdf

http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_alpha.deb
Size/MD5 checksum: 148336 88bc8cc66ad78ddf4b096015148dba82

AMD64:

http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_amd64.deb
Size/MD5 checksum: 142954 ceeccbe1112250949070f1c06b78536c

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_amd64.deb
Size/MD5 checksum: 1044550 b55daeeb41735e7f3024d68186643805

ARM:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_arm.deb
Size/MD5 checksum: 997646 18411c1a63d5d4e537992140cbdf7721

http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_arm.deb
Size/MD5 checksum: 135988 1195dbf898c9550590a2a76b327a4eb4

HP Precision:

http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_hppa.deb
Size/MD5 checksum: 147200 dece4fe67839197f3f4cbac78aec2a43

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_hppa.deb
Size/MD5 checksum: 1013194 6de2cec24dffdeffa1abf69175d48962

Intel IA-32:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_i386.deb
Size/MD5 checksum: 998686 19d1987a4222f5da26521ba96dbf20cf

http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_i386.deb
Size/MD5 checksum: 139954 73713093a5b8e423284e7bc5bd55a120

Intel IA-64:

http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_ia64.deb
Size/MD5 checksum: 159424 f1a821774f55ffc4e1aa1238d05835e3

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_ia64.deb
Size/MD5 checksum: 1028554 c599bc392ff53a2f1b8da9d0270dd6b1

Big-endian MIPS:

http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_mips.deb
Size/MD5 checksum: 136666 42403f5fe88c1608fbd99e24b0fba51a

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_mips.deb
Size/MD5 checksum: 1008580 24c2d6980675f456a8771b665ea43b75

Little-endian MIPS:

http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_mipsel.deb
Size/MD5 checksum: 136120 fea308e90afe74d83dbc00d800d08a3d

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_mipsel.deb
Size/MD5 checksum: 1008154 6c88505ee31716eb604d1d1ccdbf33f0

PowerPC:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_powerpc.deb
Size/MD5 checksum: 1005486 997bbd5a30ba6012c8394df7bd95d095

http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_powerpc.deb
Size/MD5 checksum: 138166 41e221f883a8eac1f080068e71633f1e

IBM S/390:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_s390.deb
Size/MD5 checksum: 1007740 9aa83ad28b7b41d0c4121f0084a0650e

http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_s390.deb
Size/MD5 checksum: 143518 4f99aa499f2d4d620a4f21709d2035f7

Sun Sparc:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_sparc.deb
Size/MD5 checksum: 1002722 c869b8a61874428e206f01b5e67fbb1b

http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_sparc.deb
Size/MD5 checksum: 138310 13569b4111b772a4a2be29727dd21d2d

MD5 checksums of the listed files are available in the original advisory.

MD5 checksums of the listed files are available in the original advisory.

This page is also available in the following languages:

dansk Deutsch français svenska

How to set the default document language