CVE-2012-2845

Name of the Vulnerable Software and Affected Versions libjpeg in exif version 0.6.20 libexif versions prior to 0.6.21

Description The issue is related to an integer overflow in the jpeg data load data function, which can be exploited by remote attackers using a crafted JPEG file. This can lead to a denial of service, causing a buffer over-read and application crash, or potentially allow attackers to obtain sensitive information. Multiple vulnerabilities in the libexif package can compromise the confidentiality, integrity, and availability of protected information and can be exploited remotely.

Recommendations For libjpeg in exif version 0.6.20, update to version 0.6.21 or later to resolve the issue. For libexif versions prior to 0.6.21, update to version 0.6.21 or later to address the vulnerabilities.