Exchangeable image file format (Exif) is "an industry standard image tagging technology used by many digital camera devices. libexif is an open source library for handling the Exif format". Remote exploitation of an integer overflow vulnerability in libexif, as included in various vendors' operating system distributions, could allow attackers to crash the process or execute arbitrary code.
Vulnerable Systems:
* libexif version 0.6.13 through 0.6.15
Immune Systems:
* libexif version 0.6.16
The vulnerability is triggered while parsing a tagged image with a large number of Exif components. An integer overflow in the exif_data_load_data_entry function leads to a heap overflow in applications that use this library.
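The bug class described above, as an added illustration that is not libexif's source code: it assumes the entry size is computed as format size times component count in 32-bit arithmetic, and the function names and parameters are hypothetical. The checked variant rejects a count that would wrap and a size that would run past the input buffer.

```c
#include <stdint.h>
#include <stdio.h>

/* Bytes per component for TIFF/Exif formats 1..12; 0 means unknown. */
static uint32_t format_size(uint16_t format) {
    static const unsigned char sz[] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};
    return format < sizeof sz ? sz[format] : 0;
}

/* Unchecked model: the 32-bit product wraps for a large component
 * count, so a later allocation or bounds test sees a small size. */
uint32_t entry_size_unchecked(uint16_t format, uint32_t components) {
    return format_size(format) * components;
}

/* Checked model: returns 0 and stores the size in *out only when the
 * product fits in 32 bits and the data lies inside the buffer. */
int entry_size_checked(uint16_t format, uint32_t components,
                       uint32_t data_offset, uint32_t buf_len,
                       uint32_t *out) {
    uint32_t fs = format_size(format);
    if (fs == 0)
        return -1;                       /* unknown format */
    if (components > UINT32_MAX / fs)
        return -1;                       /* multiplication would wrap */
    uint32_t size = fs * components;
    if (data_offset > buf_len || size > buf_len - data_offset)
        return -1;                       /* data runs past the input */
    *out = size;
    return 0;
}

int main(void) {
    /* Constructed sample values: format 4 (LONG), oversized count. */
    uint32_t count = 0x40000001u, size = 0;
    printf("unchecked size: %u\n", (unsigned)entry_size_unchecked(4, count));
    printf("checked result: %d\n",
           entry_size_checked(4, count, 8, 64, &size));
    return 0;
}
```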
Analysis:
Exploitation requires that a targeted user process a malicious image using one of several available tools that utilize libexif for Exif tag parsing. These tools include, but are not limited to, several applications included in the GNOME and KDE desktops.
Vendor response:
The libexif maintainers have released version 0.6.16 of libexif to address this vulnerability.