|
Family: Ubuntu Local Security Checks --> Category: infos
USN91-1 : libexif vulnerabilities Vulnerability Scan
Vulnerability Scan Summary libexif vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libexif-dev
- libexif10
Description :
Sylvain Defresne discovered that the EXIF library did not properly
validate the structure of the EXIF tags. By tricking a user to load an
image with a malicious EXIF tag, a possible hacker could exploit this to
crash the process using the library, or even execute arbitrary code
with the rights of the process.
Solution :
Upgrade to :
- libexif-dev-0.6.9-1ubuntu0.1 (Ubuntu 4.10)
- libexif10-0.6.9-1ubuntu0.1 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|