Mandriva Update For Exiv2 MDVSA-2008:006 (exiv2) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

An integer overflow in the Exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. The updated packages have been patched to correct these issues.

Affected

exiv2 on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2007-6353
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:012 (mozilla-thunderbird)
Mandrake Security Advisory MDVSA-2009:104 (udev)
Mandrake Security Advisory MDVSA-2009:041 (jhead)
Mandrake Security Advisory MDVSA-2009:121 (lcms)
Mandrake Security Advisory MDVSA-2009:153 (dhcp)

Mandriva Update for exiv2 MDVSA-2008:006 (exiv2)

Take action and discover your vulnerabilities