Nom du paquet
exiv2
Date
2008-01-10
Advisory ID
MDVSA-2008:006
Affected versions
2008.0 x86_64 , 2008.0 i586 , 2007.1 i586 , 2007.1 x86_64

Problem description

An integer overflow in the Exiv2 library allows context-dependent
attackers to execute arbitrary code via a crafted EXIF file that
triggers a heap-based buffer overflow.

The updated packages have been patched to correct these issues.

Updated packages

2008.0 x86_64

 f9e4cc439fa9444972f7755a7c2cee0d  2008.0/x86_64/exiv2-0.15-2.1mdv2008.0.x86_64.rpm
 00ce23b495092284b73d2ec29bbba4cf  2008.0/x86_64/lib64exiv2-0.15-2.1mdv2008.0.x86_64.rpm
 d716f5eaebd041364d409569980f1f8b  2008.0/x86_64/lib64exiv2-devel-0.15-2.1mdv2008.0.x86_64.rpm 
 78ea6a6e976bf2c6097bc0a122282434  2008.0/SRPMS/exiv2-0.15-2.1mdv2008.0.src.rpm

2008.0 i586

 9b81584225e84a2a5bc08110bb404441  2008.0/i586/exiv2-0.15-2.1mdv2008.0.i586.rpm
 014a0adbac5779e8178b77cd5e09a401  2008.0/i586/libexiv2-0.15-2.1mdv2008.0.i586.rpm
 acac434936c9d130e0209107e44b01eb  2008.0/i586/libexiv2-devel-0.15-2.1mdv2008.0.i586.rpm 
 78ea6a6e976bf2c6097bc0a122282434  2008.0/SRPMS/exiv2-0.15-2.1mdv2008.0.src.rpm

2007.1 i586

 290bc944bde4ad24657c9ee13d4534fa  2007.1/i586/exiv2-0.13-1.1mdv2007.1.i586.rpm
 7614143070ac823195d7336a9655e76d  2007.1/i586/libexiv2-0.13-1.1mdv2007.1.i586.rpm
 74450450b9a598a3544e46d2bb4242a9  2007.1/i586/libexiv2-devel-0.13-1.1mdv2007.1.i586.rpm 
 e212cd2efcb56fbe00e892ebfec25d29  2007.1/SRPMS/exiv2-0.13-1.1mdv2007.1.src.rpm

2007.1 x86_64

 e2eb212bb7bd0a427345ac369cb0c3e4  2007.1/x86_64/exiv2-0.13-1.1mdv2007.1.x86_64.rpm
 3c88001c423399c87112be1f90512131  2007.1/x86_64/lib64exiv2-0.13-1.1mdv2007.1.x86_64.rpm
 0eed3499a9da4580f93b03e45d793ff1  2007.1/x86_64/lib64exiv2-devel-0.13-1.1mdv2007.1.x86_64.rpm 
 e212cd2efcb56fbe00e892ebfec25d29  2007.1/SRPMS/exiv2-0.13-1.1mdv2007.1.src.rpm

References