CVE-2007-6353 — Vulnetix

CVE-2007-6353 PUBLISHED CVSS 9.300000190734863 CRITICAL

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

EPSS 2.34% · 85.2th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

2.34%

85.2th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	*
exiv2	exiv2	0
canonical	ubuntu_linux	8.04, 7.10, 7.04
debian	debian_linux	3.1, 4.0

Exploit Intelligence

MDVSA-2008:006 (circl)
28412 (circl)
28610 (circl)
USN-655-1 (circl)
ADV-2007-4252 (circl)
FEDORA-2007-4591 (circl)
28267 (circl)
http://bugs.gentoo.org/show_bug.cgi?id=202351 (circl)
28132 (circl)
GLSA-200712-16 (circl)

…and 8 more exploits

Timeline

Dec 20, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 17, 2023 EPSS Score

References

MDVSA-2008:006 vendor-advisory
28412 third-party-advisory
28610 third-party-advisory
USN-655-1 vendor-advisory
ADV-2007-4252 vdb
FEDORA-2007-4591 vendor-advisory
28267 third-party-advisory
http://bugs.gentoo.org/show_bug.cgi?id=202351 url
28132 third-party-advisory
GLSA-200712-16 vendor-advisory
26918 vdb
28178 third-party-advisory
DSA-1474 vendor-advisory
exiv2-setdataarea-bo(39118) vdb
32273 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=425921 url
FEDORA-2007-4551 vendor-advisory
SUSE-SR:2008:001 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2007-6353 advisory

Open in Interactive Console →