CVE-2007-6353
exiv2 - arbitrary code execution
EPSS 2.3%
Description
An integer overflow in exif.cpp in the exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
How to fix CVE-2007-6353
To remediate CVE-2007-6353, upgrade the affected package to one of the fixed versions listed below.
- Debian/exiv2: upgrade to 0.15-2 or later
- Debian/exiv2: upgrade to 0.10-1.5 or later
Is CVE-2007-6353 being exploited?
Low — EPSS is 2.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.15-2
- from 0, < 0.10-1.5