CVE-2006-4168

Description

Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.

How to fix CVE-2006-4168

To remediate CVE-2006-4168, upgrade the affected package to a fixed version below.

• Debian/libexif—upgrade to 0.6.16-1 or later
• Debian/libexif—upgrade to 0.6.13-5etch1 or later

Is CVE-2006-4168 being exploited?

Moderate — EPSS is 7.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 0.6.16-1
• from 0, < 0.6.13-5etch1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-4168