USN-655-1: exiv2 vulnerabilities

15 October 2008

exiv2 vulnerabilities

Releases

Packages

Details

Meder Kydyraliev discovered that exiv2 did not correctly handle certain
EXIF headers. If a user or automated system were tricked into processing
a specially crafted image, a remote attacker could cause the application
linked against libexiv2 to crash, leading to a denial of service, or
possibly executing arbitrary code with user privileges. (CVE-2007-6353)

Joakim Bildrulle discovered that exiv2 did not correctly handle Nikon
lens EXIF information. If a user or automated system were tricked into
processing a specially crafted image, a remote attacker could cause the
application linked against libexiv2 to crash, leading to a denial of
service. (CVE-2008-2696)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04
Ubuntu 7.10
Ubuntu 7.04

After a standard system upgrade you need to restart your session to effect
the necessary changes.