CVE-2012-2813

2012-07-1310:34:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-2813

exif

library

denial of service

sensitive information

memory

nvd

6.5 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.029 Low

EPSS

Percentile

90.6%

JSON

The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.

CPENameOperatorVersion
libexif_project:libexiflibexif project libexifeq0.6.14
libexif_project:libexiflibexif project libexifeq0.6.15
libexif_project:libexiflibexif project libexifeq0.6.16
libexif_project:libexiflibexif project libexifeq0.6.18
libexif_project:libexiflibexif project libexifeq0.6.19
libexif_project:libexiflibexif project libexifle0.6.20

CPE	Name	Operator	Version
libexif_project:libexif	libexif project libexif	eq	0.6.14
libexif_project:libexif	libexif project libexif	eq	0.6.15
libexif_project:libexif	libexif project libexif	eq	0.6.16
libexif_project:libexif	libexif project libexif	eq	0.6.18
libexif_project:libexif	libexif project libexif	eq	0.6.19
libexif_project:libexif	libexif project libexif	le	0.6.20