Unrated severityNVD Advisory· Published May 14, 2007· Updated Apr 23, 2026
CVE-2007-2645
CVE-2007-2645
Description
Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
Affected products
6cpe:2.3:a:libexif:libexif:0.5:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:libexif:libexif:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:libexif:libexif:0.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:libexif:libexif:0.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:libexif:libexif:0.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:libexif:libexif:0.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:libexif:libexif:0.6.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
22- secunia.com/advisories/25235nvdPatchVendor Advisory
- sourceforge.net/project/shownotes.phpnvdPatch
- www.securityfocus.com/bid/23927nvdExploitPatch
- osvdb.org/35978nvd
- secunia.com/advisories/25540nvd
- secunia.com/advisories/25569nvd
- secunia.com/advisories/25599nvd
- secunia.com/advisories/25621nvd
- secunia.com/advisories/25932nvd
- secunia.com/advisories/26083nvd
- secunia.com/advisories/28776nvd
- security.gentoo.org/glsa/glsa-200706-01.xmlnvd
- sourceforge.net/tracker/index.phpnvd
- www.debian.org/security/2008/dsa-1487nvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2007_14_sr.htmlnvd
- www.novell.com/linux/security/advisories/2007_39_libexif.htmlnvd
- www.securityfocus.com/archive/1/470502/100/100/threadednvd
- www.ubuntu.com/usn/usn-471-1nvd
- www.vupen.com/english/advisories/2007/1761nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/34233nvd
- issues.rpath.com/browse/RPL-1431nvd
News mentions
0No linked articles in our index yet.