CVE-2007-2645
libexif - several vulnerabilities
EPSS 32.1%
Description
Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
How to fix CVE-2007-2645
To remediate CVE-2007-2645, upgrade the affected package to a fixed version below.
- Debian/libexif—upgrade to 0.6.15-1 or later
- Debian/libexif—upgrade to 0.6.9-6sarge2 or later
Is CVE-2007-2645 being exploited?
Moderate — EPSS is 32.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.6.15-1
- from 0, < 0.6.9-6sarge2