CVE-2007-2645
PUBLISHED
CVSS 9.3 CRITICAL
Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
EPSS 32.09% · 96.9th percentile
Risk Scores
- CVSS v2.0: 9.3
- EPSS Score: 32.09% (96.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| libexif | libexif | 0.5, 0.6.9, 0.6.12 |
| n/a | n/a | * |
Timeline
- May 14, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
- Oct 28, 2023 EPSS Score
- Dec 20, 2023 EPSS Score
References
- 20070604 FLEA-2007-0024-1: libexif mailing-list
- 25599 third-party-advisory
- GLSA-200706-01 vendor-advisory
- 25235 third-party-advisory
- SUSE-SA:2007:039 vendor-advisory
- 26083 third-party-advisory
- 25540 third-party-advisory
- 28776 third-party-advisory
- SUSE-SR:2007:014 vendor-advisory
- 25621 third-party-advisory
- MDKSA-2007:118 vendor-advisory
- http://sourceforge.net/project/shownotes.php?release_id=507447 url
- libexif-exifdataloaddata-integer-overflow(34233) vdb
- 25569 third-party-advisory
- ADV-2007-1761 vdb
- http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272 url
- 35978 vdb
- 25932 third-party-advisory
- DSA-1487 vendor-advisory
- USN-471-1 vendor-advisory
…and 3 more