Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2012-2841
Last Modified 06 Nov 2012 12:12:40
Published 13 Jul 2012 06:34:59
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2841

Summary

Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.

Vulnerable Systems

Application

  • Curtis Galloway Libexif 0.6.20


References

MLIST - [libexif-devel] 20120712 libexif project security advisory July 12, 2012

UBUNTU - USN-1513-1

SUSE - SUSE-SU-2012:0903

SUSE - SUSE-SU-2012:0902

REDHAT - RHSA-2012:1255

DEBIAN - DSA-2559

SECUNIA - 49988

Related Patches

Red Hat 2012:1255-01 RHSA Moderate: libexif security update for RHEL 5 x86

Novell SUSE 2012:6568 libexif security update for SLE 11 SP1 i586

Novell SUSE 2012:6568 libexif security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8224 libexif security update for SLE 10 SP4 i586

Novell SUSE 2012:8224 libexif security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:55:02