Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2012-2812
Last Modified 06 Nov 2012 12:12:37
Published 13 Jul 2012 06:34:59
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2812

Summary

The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.

Vulnerable Systems

Application

  • Curtis Galloway Libexif 0.6.14

  • Curtis Galloway Libexif 0.6.15

  • Curtis Galloway Libexif 0.6.16

  • Curtis Galloway Libexif 0.6.18

  • Curtis Galloway Libexif 0.6.19

  • Curtis Galloway Libexif 0.6.20


References

MLIST - [libexif-devel] 20120712 libexif project security advisory July 12, 2012

UBUNTU - USN-1513-1

SUSE - SUSE-SU-2012:0903

SUSE - SUSE-SU-2012:0902

REDHAT - RHSA-2012:1255

DEBIAN - DSA-2559

SECUNIA - 49988

Related Patches

Red Hat 2012:1255-01 RHSA Moderate: libexif security update for RHEL 5 x86

Novell SUSE 2012:6568 libexif security update for SLE 11 SP1 i586

Novell SUSE 2012:6568 libexif security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8224 libexif security update for SLE 10 SP4 i586

Novell SUSE 2012:8224 libexif security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:00:28