PT-2012-6319 · Libexif+3 · Libexif+3

Mateusz Jurczyk

Published

1970-01-01

Updated

2024-06-15

CVE-2012-2812

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libexif versions prior to 0.6.21

Description The issue concerns multiple vulnerabilities in the libexif package, which can lead to disruptions in confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The exif entry get value function in exif-entry.c in the EXIF Tag Parsing Library allows remote attackers to cause a denial of service or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.

Recommendations For versions prior to 0.6.21, update to version 0.6.21 or later to resolve the issue. As a temporary workaround, consider disabling the use of crafted EXIF tags in images until a patch is available. Restrict access to the vulnerable libexif module to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189CWE-119

Related Identifiers

BDU:2015-03035

BDU:2015-04367

BDU:2015-04368

BDU:2015-04369

BDU:2015-04608

BDU:2015-06308

BDU:2015-06309

BDU:2015-06311

BDU:2015-08863

BDU:2015-08864

BDU:2015-08865

BDU:2015-09712

CESA-2012_1255

CVE-2012-2812

DSA-2559-1

OPENSUSE-SU-2024:10510-1

RHSA-2012:1255

RHSA-2012_1255

SUSE-SU-2012_0902-1

SUSE-SU-2012_0903-1

Affected Products

Centos

Red Hat

Suse

Libexif

PT-2012-6319 · Libexif+3 · Libexif+3

CVE-2012-2812

Weakness Enumeration

Related Identifiers

Affected Products

References · 72