CVE-2012-2814

Name of the Vulnerable Software and Affected Versions libexif versions prior to 0.6.21 libexif-0.6.21 libexif-devel versions prior to 0.6.21 libexif-64bit versions prior to 0.6.21 libexif-32bit versions prior to 0.6.21 libexif-debuginfo-0.6.21

Description The issue concerns multiple vulnerabilities in the libexif package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially allowing attackers to cause a denial of service or execute arbitrary code via crafted EXIF tags in an image. The exif entry format value function in exif-entry.c in the EXIF Tag Parsing Library is specifically affected by a buffer overflow.

Recommendations For libexif versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-0.6.21, update to a version later than 0.6.21. For libexif-devel versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-64bit versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-32bit versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-debuginfo-0.6.21, update to a version later than 0.6.21. As a temporary workaround, consider disabling the exif entry format value function until a patch is available. Restrict access to the vulnerable libexif module to minimize the risk of exploitation. Avoid using crafted EXIF tags in images until the issue is resolved.