Heap-based Buffer Overflow in libexif Can Lead to Remote Code Execution
CVE-2009-3895
Currently unrated
What is CVE-2009-3895?
CVE-2009-3895 is a heap-based buffer overflow in the exif_entry_fix function of libexif, which processes EXIF image data. An attacker can trigger the flaw with an invalid EXIF image, potentially causing a denial of service or arbitrary code execution on affected systems. Users and developers should exercise caution when processing EXIF metadata in images, especially when the input has not been validated.
