libexif: multiple vulnerabilities

Package(s): libexif
CVE #(s): CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841
Created: July 13, 2012
Updated: April 5, 2013
Description: From the Mandriva advisory:

A heap-based out-of-bounds array read in the exif_entry_get_value function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags (CVE-2012-2812).

A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8 function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags (CVE-2012-2813).

A buffer overflow in the exif_entry_format_value function in libexif/exif-entry.c in libexif 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags (CVE-2012-2814).

A heap-based out-of-bounds array read in the exif_data_load_data function in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags (CVE-2012-2836).

A divide-by-zero error in the mnote_olympus_entry_get_value function while formatting EXIF maker note tags in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service via an image with crafted EXIF tags (CVE-2012-2837).

An off-by-one error in the exif_convert_utf16_to_utf8 function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags (CVE-2012-2840).

An integer underflow in the exif_entry_get_value function can cause a heap overflow and potentially arbitrary code execution while formatting an EXIF tag, if the function is called with a buffer size parameter equal to zero or one (CVE-2012-2841).

Alerts:
Gentoo 201401-10 libexif 2014-01-19
Mandriva MDVSA-2013:035 libexif 2013-04-05
Fedora FEDORA-2013-1244 libexif 2013-02-08
Fedora FEDORA-2013-1257 libexif 2013-02-08
Debian DSA-2559-1 libexif 2012-10-17
Oracle ELSA-2012-1255 libexif 2012-09-11
Oracle ELSA-2012-1255 libexif 2012-09-11
Scientific Linux SL-libe-20120911 libexif 2012-09-11
CentOS CESA-2012:1255 libexif 2012-09-11
CentOS CESA-2012:1255 libexif 2012-09-11
Red Hat RHSA-2012:1255-01 libexif 2012-09-11
openSUSE openSUSE-SU-2012:0914-1 libexif 2012-07-25
Ubuntu USN-1513-1 libexif 2012-07-23
SUSE SUSE-SU-2012:0903-1 libexif 2012-07-23
SUSE SUSE-SU-2012:0902-1 libexif 2012-07-23
Slackware SSA:2012-200-01 libexif 2012-07-18
Mageia MGASA-2012-0167 exif 2012-07-14
Mandriva MDVSA-2012:106 libexif 2012-07-13


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds