Package: libexif12
Version: 0.6.18-1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libexif.

Vulnerability description[0]:
> A flaw in libexif was discovered that causes a heap buffer to overflow
> when certain invalid EXIF images are processed. The flaw occurs in the
> tag fixup routine which attempts to convert in place an array of 8-bit
> integers into 16-bit integers. This fixup is performed by default after
> reading an image and until version 0.6.18 there was no easy way to disable
> it, so it is likely that nearly all applications using libexif to read
> images are vulnerable.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://article.gmane.org/gmane.comp.graphics.libexif.devel/806
    http://security-tracker.debian.org/tracker/CVE-2009-3895

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
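
The bug class named in the description above (widening 8-bit values to 16-bit inside a buffer sized for the 8-bit form) and the checks a safe conversion needs, as an added example that is not part of the original report and not libexif's code. `struct entry` and `widen_to_short` are hypothetical names, and values are stored in host byte order as a simplification.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed EXIF entry; not libexif's own type. */
struct entry {
    uint8_t *data;       /* heap buffer holding the tag value */
    size_t   size;       /* bytes allocated for data */
    size_t   components; /* number of values stored in data */
    int      is_short;   /* 0 = 8-bit values, 1 = 16-bit values */
};

/* Widen 8-bit components to 16-bit (host byte order).
 * Returns 0 on success, -1 if the entry is inconsistent or memory runs out;
 * on failure the entry is left unchanged. */
int widen_to_short(struct entry *e)
{
    if (e == NULL || e->data == NULL || e->is_short)
        return -1;
    /* The component count comes from the file: never trust it over the
     * real allocation size. */
    if (e->components == 0 || e->components > e->size)
        return -1;
    /* Guard the multiplication used for the new size. */
    if (e->components > SIZE_MAX / sizeof(uint16_t))
        return -1;

    /* Grow the buffer first; writing 2*n bytes into an n-byte buffer is
     * exactly the heap overflow the advisory describes. */
    size_t new_size = e->components * sizeof(uint16_t);
    uint8_t *buf = realloc(e->data, new_size);
    if (buf == NULL)
        return -1;       /* old buffer is still valid and untouched */

    /* Walk backwards so each 16-bit store lands only on bytes whose
     * 8-bit source value has already been read. */
    for (size_t i = e->components; i-- > 0; ) {
        uint16_t v = buf[i];
        memcpy(buf + i * sizeof(uint16_t), &v, sizeof v);
    }
    e->data = buf;
    e->size = new_size;
    e->is_short = 1;
    return 0;
}
```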