CVE-2012-2813

Name of the Vulnerable Software and Affected Versions libexif versions prior to 0.6.21 libexif-devel versions prior to 0.6.21 libexif-debuginfo versions prior to 0.6.21 libexif-32bit versions prior to 0.6.21

Description The issue concerns multiple vulnerabilities in the libexif package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The exif convert utf16 to utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.

Recommendations For libexif versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-devel versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-debuginfo versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-32bit versions prior to 0.6.21, update to version 0.6.21 or later. As a temporary workaround, consider disabling the exif convert utf16 to utf8 function until a patch is available. Restrict access to the vulnerable libexif module to minimize the risk of exploitation. Avoid using crafted EXIF tags in images until the issue is resolved.