Sylvain Defresne

**Name of the Vulnerable Software and Affected Versions** libexif version 0.6.9 **Description** The issue is related to a buffer overflow in the EXIF library, which does not properly validate the structure of the EXIF tags. This allows remote attackers to cause a denial of service, potentially leading to an application crash, and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag. Multiple vulnerabilities in the libexif package may lead to a disruption of protected information, and exploitation can be done remotely. **Recommendations** For libexif version 0.6.9, update to a newer version that addresses the buffer overflow issue in the EXIF library to prevent potential denial of service and arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.