--- libexif-0.6.13/libexif/exif-data.c.cve-2007-4168	2005-08-22 16:32:02.000000000 -0400
+++ libexif-0.6.13/libexif/exif-data.c	2007-06-12 12:14:35.000000000 -0400
@@ -174,9 +174,15 @@ exif_data_load_data_entry (ExifData *dat
 	 * Size? If bigger than 4 bytes, the actual data is not
 	 * in the entry but somewhere else (offset).
 	 */
-	s = exif_format_get_size (entry->format) * entry->components;
-	if (!s)
-		return 0;
+        /* {0,1,2,4,8} x { 0x00000000 .. 0xffffffff }
+         *   -> { 0x000000000 .. 0x7fffffff8 } */
+        s = exif_format_get_size(entry->format) * entry->components;
+        if (s < entry->components) {
+                return 0;
+        }
+        if (0 == s)
+                return 0;
+
 	if (s > 4)
 		doff = exif_get_long (d + offset + 8, data->priv->order);
 	else