CVE-2012-2840

Name of the Vulnerable Software and Affected Versions libexif versions prior to 0.6.21

Description The issue is related to multiple vulnerabilities in the libexif package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, an off-by-one error in the exif convert utf16 to utf8 function in exif-entry.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.

Recommendations For versions prior to 0.6.21, update to version 0.6.21 or later to resolve the issue. As a temporary workaround, consider disabling the exif convert utf16 to utf8 function until a patch is available. Restrict access to the vulnerable libexif module to minimize the risk of exploitation. Avoid using crafted EXIF tags in images until the issue is resolved.