CVE-2007-6352

Name of the Vulnerable Software and Affected Versions: libexif versions 0.5.12 through 0.6.16 libexif version 0.6.13 libexif versions prior to 0.6.16-r1

Description: The issue affects the libexif package, allowing context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif data load data thumbnail function in exif-data.c. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations: For libexif versions 0.5.12 through 0.6.16, update to a version later than 0.6.16. For libexif version 0.6.13, update to a version later than 0.6.16. For libexif versions prior to 0.6.16-r1, update to version 0.6.16-r1 or later. As a temporary workaround, consider restricting access to images with crafted EXIF tags until a patch is available.