CVE-2005-0664
CVSS2.6
发布时间 :2005-05-02 00:00:00
修订时间 :2011-03-07 21:20:23
NMCOPS    

[原文]Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag.


[CNNVD]EXIF Library EXIF标签解析未明内存损坏漏洞(CNNVD-200505-739)

        EXIF library (libexif) 0.6.9中存在缓冲区溢出,系统未能正确地验证EXIF标签结构,远程攻击者可以通过一个带有特制EXIF标签的JPEG图像来发起拒绝服务攻击(应用程序崩溃)并可能执行任意代码。

- CVSS (基础分值)

CVSS分值: 2.6 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10832Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0664
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0664
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-739
(官方数据源) CNNVD

- 其它链接及资源

https://bugzilla.ubuntu.com/show_bug.cgi?id=7152
(PATCH)  MISC  https://bugzilla.ubuntu.com/show_bug.cgi?id=7152
http://www.gentoo.org/security/en/glsa/glsa-200503-17.xml
(PATCH)  GENTOO  GLSA-200503-17
http://www.debian.org/security/2005/dsa-709
(PATCH)  DEBIAN  DSA-709
http://securitytracker.com/id?1013398
(PATCH)  SECTRACK  1013398
http://www.vupen.com/english/advisories/2005/2565
(UNKNOWN)  VUPEN  ADV-2005-2565
http://www.vupen.com/english/advisories/2005/0240
(UNKNOWN)  VUPEN  ADV-2005-0240
http://www.ubuntulinux.org/support/documentation/usn/usn-91-1
(UNKNOWN)  UBUNTU  USN-91-1
http://www.redhat.com/support/errata/RHSA-2005-300.html
(UNKNOWN)  REDHAT  RHSA-2005:300
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102041-1
(UNKNOWN)  SUNALERT  102041
http://secunia.com/advisories/17705
(UNKNOWN)  SECUNIA  17705
http://www.mandriva.com/security/advisories?name=MDKSA-2005:064
(UNKNOWN)  MANDRAKE  MDKSA-2005:064

- 漏洞信息

EXIF Library EXIF标签解析未明内存损坏漏洞
低危 缓冲区溢出
2005-05-02 00:00:00 2006-06-15 00:00:00
远程  
        EXIF library (libexif) 0.6.9中存在缓冲区溢出,系统未能正确地验证EXIF标签结构,远程攻击者可以通过一个带有特制EXIF标签的JPEG图像来发起拒绝服务攻击(应用程序崩溃)并可能执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        libexif libexif 0.5.12
        Fedora libexif-0.5.12-2.2.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora libexif-0.5.12-2.2.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora libexif-0.5.12-3.1.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora libexif-0.5.12-3.1.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora libexif-debuginfo-0.5.12-2.2.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora libexif-debuginfo-0.5.12-2.2.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora libexif-debuginfo-0.5.12-3.1.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora libexif-debuginfo-0.5.12-3.1.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora libexif-devel-0.5.12-2.2.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora libexif-devel-0.5.12-2.2.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora libexif-devel-0.5.12-3.1.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora libexif-devel-0.5.12-3.1.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Mandrake lib64exif9-0.5.12-3.1.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64exif9-0.5.12-3.1.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64exif9-0.5.12-3.1.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64exif9-devel-0.5.12-3.1.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64exif9-devel-0.5.12-3.1.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64exif9-devel-0.5.12-3.1.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libexif9-0.5.12-3.1.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libexif9-0.5.12-3.1.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libexif9-0.5.12-3.1.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libexif9-devel-0.5.12-3.1.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libexif9-devel-0.5.12-3.1.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libexif9-devel-0.5.12-3.1.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www.mandrakesecure.net/en/ftp.php
        libexif libexif 0.6.9
        Ubuntu libexif-dev_0.6.9-1ubuntu0.1_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0 .6.9-1ubuntu0.1_amd64.deb
        Ubuntu libexif-dev_0.6.9-1ubuntu0.1_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0 .6.9-1ubuntu0.1_i386.deb
        Ubuntu libexif-dev_0.6.9-1ubuntu0.1_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0 .6.9-1ubuntu0.1_powerpc.deb
        Ubuntu libexif10_0.6.9-1ubuntu0.1_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6 .9-1ubuntu0.1_amd64.deb
        Ubuntu libexif10_0.6.9-1ubuntu0.1_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6 .9-1ubuntu0.1_i386.deb
        Ubuntu libexif10_0.6.9-1ubuntu0.1_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/l

- 漏洞信息 (F37229)

dsa-709.txt (PacketStormID:F37229)
2005-04-24 00:00:00
 
advisory,remote,overflow
linux,debian
CVE-2005-0664
[点击下载]

Debian Security Advisory DSA 709-1 - libexif remote buffer overflow. Sylvain Defresne discovered a buffer overflow in libexif, a library that parses EXIF files (such as JPEG files with extra tags).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 709-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 15th, 2005                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libexif
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0664
Debian Bug     : 298464

Sylvain Defresne discovered a buffer overflow in libexif, a library
that parses EXIF files (such as JPEG files with extra tags).  This bug
could be exploited to crash the application and maybe to execute
arbitrary code as well.

For the stable distribution (woody) this problem has been fixed in
version 0.5.0-1woody1.

For the unstable distribution (sid) this problem has been fixed in
version 0.6.9-5.

We recommend that you upgrade your libexif package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0-1woody1.dsc
      Size/MD5 checksum:      588 c5f9941eb60839a174b36ca5ef2e05ab
    http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0-1woody1.diff.gz
      Size/MD5 checksum:     2414 64f21ec303cd05c2d0bf15521e7707a0
    http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0.orig.tar.gz
      Size/MD5 checksum:   178556 76dd5547de0f0e707d5049fe751c4679

  Alpha architecture:

    http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_alpha.deb
      Size/MD5 checksum:    33402 68eca22ffef823e64bedf3db14c7778a
    http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_alpha.deb
      Size/MD5 checksum:    27170 f8b1016e5dc5acad95e315d6efb8c639

  ARM architecture:

    http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_arm.deb
      Size/MD5 checksum:    26968 3f551f779beb9881bda8a0cdf5c2914b
    http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_arm.deb
      Size/MD5 checksum:    22208 6097611fbdc6de79c47569f3e3b6722f

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_i386.deb
      Size/MD5 checksum:    25932 42107613e27b51fab7d912d8fefdc064
    http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_i386.deb
      Size/MD5 checksum:    22334 c02b68cc168a284783c027d7d24d699b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_ia64.deb
      Size/MD5 checksum:    35582 390a36964cfcd55de7038226565012c7
    http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_ia64.deb
      Size/MD5 checksum:    31536 0f2278ae6a257b58071b2e2ffa6eb3f9

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_hppa.deb
      Size/MD5 checksum:    30670 861713e3c4e355071c42087c9621dad1
    http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_hppa.deb
      Size/MD5 checksum:    25502 f8d1d59f8d9c61e0b1392d102dcc2b13

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_m68k.deb
      Size/MD5 checksum:    25280 34e605f3bbaa451da389328383948887
    http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_m68k.deb
      Size/MD5 checksum:    22670 610afa47c67a3bbbe3e214f2be62eba2

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_mips.deb
      Size/MD5 checksum:    29450 96459f3d71b380ebc8f77e21355cf817
    http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_mips.deb
      Size/MD5 checksum:    22534 52575f793b537c62e759c7f3abef57be

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_mipsel.deb
      Size/MD5 checksum:    29252 8b2f66fbacd87d306cb004c927469fce
    http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_mipsel.deb
      Size/MD5 checksum:    22274 3e29e52d3ab8df5b32527be2d4322d7a

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_powerpc.deb
      Size/MD5 checksum:    30602 17fcace29b3eceb732c244b4dba36e5c
    http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_powerpc.deb
      Size/MD5 checksum:    24140 ebc50f77e7085340b37dacd6dd9f62d7

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_s390.deb
      Size/MD5 checksum:    26324 0d9e42b9723d95844b63a24f2fdfe369
    http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_s390.deb
      Size/MD5 checksum:    23288 876b66520ca55e4791fdf4fc3f58aed2

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_sparc.deb
      Size/MD5 checksum:    28568 dd158a4009865418c60a6124292264c0
    http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_sparc.deb
      Size/MD5 checksum:    26168 06671f5d93b1ffa49b90bce5f36a33c5


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCX81CW5ql+IAeqTIRAn/RAKCoUXeCwUXAVSC+fK6aqkE3T5S9jgCcD3Ef
1Wqxz2vHKGP7zOpt0hfKrp8=
=XIIz
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F36612)

Gentoo Linux Security Advisory 200503-17 (PacketStormID:F36612)
2005-03-17 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2005-0664
[点击下载]

Gentoo Linux Security Advisory GLSA 200503-17 - libexif contains a buffer overflow vulnerability in the EXIF tag validation code. When opening an image with a specially crafted EXIF tag, the lack of validation can cause applications linked to libexif to crash. Versions less than 0.5.12-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200503-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libexif: Buffer overflow vulnerability
      Date: March 12, 2005
      Bugs: #84076
        ID: 200503-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

libexif fails to validate certain inputs, making it vulnerable to
buffer overflows.

Background
==========

libexif is a library for parsing, editing and saving EXIF data.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /   Vulnerable   /                 Unaffected
    -------------------------------------------------------------------
  1  media-libs/libexif      < 0.5.12-r1                  >= 0.5.12-r1

Description
===========

libexif contains a buffer overflow vulnerability in the EXIF tag
validation code. When opening an image with a specially crafted EXIF
tag, the lack of validation can cause applications linked to libexif to
crash.

Impact
======

A specially crafted EXIF file could crash applications making use of
libexif, potentially allowing the execution of arbitrary code with the
privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libexif users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libexif-0.5.12-r1"

References
==========

  [ 1 ] CAN-2005-0664
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0664

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- 漏洞信息

14607
libexif Malformed EXIF Tag Arbitrary Command Execution

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-03-07 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

EXIF Library EXIF Tag Parsing Unspecified Memory Corruption Vulnerability
Boundary Condition Error 12744
Yes No
2005-03-07 12:00:00 2009-07-12 10:56:00
This vulnerability was discovered by Sylvain Defresne.

- 受影响的程序版本

Peachtree Linux release 1
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
libexif libexif 0.6.11
libexif libexif 0.6.9
+ S.u.S.E. Linux Personal 9.3
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
libexif libexif 0.5.12
+ Gentoo Linux
+ Red Hat Enterprise Linux AS 4
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux Desktop version 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
Conectiva Linux 10.0
Conectiva Linux 9.0

- 漏洞讨论

libexif is reported prone to a memory corruption vulnerability. It is reported that the issue presents itself when the affected library is processing malformed EXIF tags.

It is reported that this issue may be leveraged to execute arbitrary code in the context of an application that is linked to the vulnerable library.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Conectiva has released an advisory (CLSA-2005:960) along with fixes available dealing with this issue. Please see the referenced advisory for more information.

Peachtree Linux has released an advisory (PLSN-0006) and updates to address this issue. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.

Mandrake has released an advisory (MDKSA-2005:064) and updates to address this vulnerability. Please peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Ubuntu has released an advisory (USN-91-1) and updates to address this vulnerability. Please peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

RedHat Fedora has released advisories FEDORA-2005-199 and FEDORA-2005-200 for their Fedora Core 2 and Core 3 products. Please see the referenced advisories for details on obtaining and applying fixes.

Gentoo has released advisory GLSA 200503-17 to address this issue. Updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=media-libs/libexif-0.5.12-r1"

Red Hat has released advisory RHSA-2005:300-08 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

SuSE Linux has released an advisory (SUSE-SR:2005:011) along with updates dealing with this issue. Please see the referenced advisory for more information.

Debian has released advisory DSA 709-1 along with fixes dealing with this issue. Please see the advisory for more information.


libexif libexif 0.5.12

libexif libexif 0.6.9

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站