Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

libexif project security advisory

PROBLEM DESCRIPTION

A flaw in libexif was discovered that causes a heap buffer to overflow when certain invalid EXIF images are processed. The flaw occurs in the tag fixup routine which attempts to convert in place an array of 8-bit integers into 16-bit integers. This fixup is performed by default after reading an image and until version 0.6.18 there was no easy way to disable it, so it is likely that nearly all applications using libexif to read images are vulnerable.

AFFECTED VERSIONS

Only libexif version 0.6.18 is affected by this flaw. Version 0.6.17 and previous and 0.6.19 and later are not affected.

SOLUTION

Upgrade to version 0.6.19.

REFERENCES

http://libexif.sf.net

Posted by Dan Fandrich 2009-11-13