CVE-2012-2841

Name of the Vulnerable Software and Affected Versions libexif versions prior to 0.6.21

Description The issue involves multiple vulnerabilities in the libexif package that can lead to disruptions in confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, an integer underflow in the exif entry get value function in exif-entry.c might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.

Recommendations For versions prior to 0.6.21, update to version 0.6.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the exif entry get value function until a patch is available. Avoid using crafted buffer-size parameters in the affected EXIF tag formatting until the issue is resolved. At the moment, there is no information about additional mitigation measures.