Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2837

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-2837
Last Modified 06 Nov 2012 12:12:40
Published 13 Jul 2012 06:34:59
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2837

Summary

The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.

Vulnerable Systems

Application

  • Curtis Galloway Libexif 0.6.14

  • Curtis Galloway Libexif 0.6.15

  • Curtis Galloway Libexif 0.6.16

  • Curtis Galloway Libexif 0.6.18

  • Curtis Galloway Libexif 0.6.19

  • Curtis Galloway Libexif 0.6.20


References

MLIST - [libexif-devel] 20120712 libexif project security advisory July 12, 2012

UBUNTU - USN-1513-1

SUSE - SUSE-SU-2012:0903

SUSE - SUSE-SU-2012:0902

REDHAT - RHSA-2012:1255

DEBIAN - DSA-2559

SECUNIA - 49988

Related Patches

Red Hat 2012:1255-01 RHSA Moderate: libexif security update for RHEL 5 x86

Novell SUSE 2012:6568 libexif security update for SLE 11 SP1 i586

Novell SUSE 2012:6568 libexif security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8224 libexif security update for SLE 10 SP4 i586

Novell SUSE 2012:8224 libexif security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:00:28