Vulnerability DatabaseCVE-2006-4168
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2006-4168
June 14, 2007
Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.
Related ResourcesĀ (27)
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://secunia.com/advisories/25768
http://secunia.com/advisories/25674
http://www.securityfocus.com/archive/1/472046/100/0/threaded
http://secunia.com/advisories/25645
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9349
http://secunia.com/advisories/25932
http://www.novell.com/linux/security/advisories/2007_39_libexif.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/34851
http://www.ubuntu.com/usn/usn-478-1
http://secunia.com/advisories/25717/
http://secunia.com/advisories/25642
http://osvdb.org/35379
http://sourceforge.net/project/shownotes.php?release_id=515385
http://secunia.com/advisories/25842
http://www.debian.org/security/2007/dsa-1310
http://security.gentoo.org/glsa/glsa-200706-09.xml
http://secunia.com/advisories/25820
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=543
http://www.securityfocus.com/bid/24461
https://rhn.redhat.com/errata/RHSA-2007-0501.html
http://secunia.com/advisories/26083
http://secunia.com/advisories/25746
https://issues.rpath.com/browse/RPL-1482
http://www.mandriva.com/security/advisories?name=MDKSA-2007:128
http://www.securitytracker.com/id?1018240
http://www.vupen.com/english/advisories/2007/2165
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
6.8
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
EPSS
Base Score:
6.22