A security vulnerability in the libexif JPEG image processing library may allow a remote unprivileged user who provides a carefully crafted JPEG image the ability to execute arbitrary code with the privileges of a local user who opens that image. Furthermore, a remote user may be able to create a Denial of Service (DOS) attack by using a carefully crafted JPEG image.

This issue may occur with applications linked against the libexif library, including (but not limited to), the Eye of Gnome (eog) application, which is distributed as part of the Java Desktop System.

Note: Most digital cameras produce EXIF files, which are Joint Photographic Experts Group (JPEG) files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags.

This issue is described in the following documents:

• http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0664
• http://www.novell.com/linux/security/advisories/2005_11_sr.html

This issue can occur in the following releases:

SPARC Platform

• Solaris 10 without patch 121095-01

x86 Platform

• Java Desktop System (JDS) Release 2 (for Solaris 9) without patch 121093-01
• Solaris 10 without patch 121096-01

Linux

• Sun Java Desktop System (JDS) release 2003
• Sun Java Desktop System (JDS) Release 2 without the updated RPMs (patch-9996)

Note: Solaris 8 and Solaris 9 are not affected by this issue.

The described issue only occurs on JDS for Linux with libexif versions libexif-0.5.3-91 or earlier.

To determine if libexif is installed on a Solaris system, the following command can be used:

    % pkginfo SUNWlibexif
    GNOME2      SUNWlibexif          libexif

To determine the release of JDS for Linux installed on a system, the following command can be used:

    % cat /etc/sun-release     
    Sun Java Desktop System, Release 2 -build 10b (GA)  
    Assembled 30 March 2004

To determine the version of libexif installed on a JDS for Linux system, the following command can be run:

    % rpm -qf /usr/lib/libexif.so.5
    libexif-0.5.3-91

There are no predictable symptoms that would indicate the described issue has been exploited.

To avoid the described issue, do not load JPEG images from untrusted sources.

This issue is addressed in the following releases:

SPARC Platform

• Solaris 10 with patch 121095-01 or later

x86 Platform

• Java Desktop System (JDS) Release 2 (for Solaris 9) with patch 121093-01 or later
• Solaris 10 with patch 121096-01 or later

Linux

• Sun Java Desktop System (JDS) Release 2 with the updated RPMs (patch-9996)

To download and install the updated RPMs from the update servers, select the following sequence from the "launch" menu:

    Launch >> Applications >> System Tools >> Online Update

For more information on obtaining updates see:

• http://wwws.sun.com/software/javadesktopsystem/faq.html#5q5
• http://wwws.sun.com/software/javadesktopsystem/faq.html#5q7

Note: Sun Java Desktop System (JDS) release 2003 is no longer supported and will require an upgrade to a later release with the associated patches installed to address this issues.

This solution has no attachment