USN-478-1: libexif vulnerability

27 June 2007

libexif vulnerability

Releases

Ubuntu 7.04
Ubuntu 6.10
Ubuntu 6.06

Details

Sean Larsson discovered that libexif did not correctly verify the size of
EXIF components. By tricking a user into opening an image with specially
crafted EXIF headers, a remote attacker could cause the application
using libexif to execute arbitrary code with user privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04

libexif12 - 0.6.13-5ubuntu0.2

Ubuntu 6.10

libexif12 - 0.6.13-4ubuntu0.2

Ubuntu 6.06

libexif12 - 0.6.12-2ubuntu0.2

After a standard system upgrade you need to restart your session to
effect the necessary changes.

References

CVE-2006-4168

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›