[Libexif-devel] libexif project security advisory

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

libexif project security advisory
November 12, 2009

PROBLEM DESCRIPTION

A flaw in libexif was discovered that causes a heap buffer to overflow
when certain invalid EXIF images are processed. The flaw occurs in the
tag fixup routine which attempts to convert in place an array of 8-bit
integers into 16-bit integers. This fixup is performed by default after
reading an image and until version 0.6.18 there was no easy way to disable
it, so it is likely that nearly all applications using libexif to read
images are vulnerable.

AFFECTED VERSIONS

Only libexif version 0.6.18 is affected by this flaw. Version 0.6.17 and
previous and 0.6.19 and later are not affected.

SOLUTION

Upgrade to version 0.6.19.

CHECKSUMS

Here are the MD5 sums of the released files:

75f0dd6f9f2d128261721c0896e0b324  exif-0.6.19.tar.bz2
c3928b8382b081cec9f5da862b15de9c  exif-0.6.19.tar.gz
56144a030a4c875c600b1ccf713f69f7  libexif-0.6.19.tar.bz2
986741d9e5e0cbf9642eb2893c885e8a  libexif-0.6.19.tar.gz
43ec0c469c3b17f3424fda7ddde0014d  libexif-0.6.19.zip

Here are the SHA1 sums of the released files:

1eeae082c60f2db36f289b80eaa7f7a68eedd266  exif-0.6.19.tar.bz2
3cbde4bf858053fc42668d681ccfb618ae1eaac1  exif-0.6.19.tar.gz
820f07ff12a8cc720a6597d46277f01498c8aba4  libexif-0.6.19.tar.bz2
ce669ea945beb9cd636f0dd8f723d006138aa13c  libexif-0.6.19.tar.gz
85f6a16b5e7fb2712ea57ec767fffdbb8477eef2  libexif-0.6.19.zip

REFERENCES

http://libexif.sf.net