Debian Security Advisory DSA 1533-1 (exiftags)

The remote host is missing an update to exiftags announced via advisory DSA 1533-1.

Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images. The Common Vulnerabilities and Exposures project identified the following three problems: CVE-2007-6354 Inadequate EXIF property validation could lead to invalid memory accesses if executed on a maliciously crafted image, potentially including heap corruption and the execution of arbitrary code. CVE-2007-6355 Flawed data validation could lead to integer overflows, causing other invalid memory accesses, also with the potential for memory corruption or arbitrary code execution. CVE-2007-6356 Cyclical EXIF image file directory (IFD) references could cause a denial of service (infinite loop). For the stable distribution (etch), these problems have been fixed in version 0.98-1.1+etch1. The old stable distribution (sarge) cannot be fixed synchronously with the Etch version due to a technical limitation in the Debian archive management scripts. For the unstable distribution (sid), these problems have been fixed in version 1.01-0.1. We recommend that you upgrade your exiftags package.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201533-1