Lucene search

K

[email protected]CVE-2012-2814

HistoryJul 13, 2012 - 10:34 a.m.

CVE-2012-2814

2012-07-1310:34:59

CWE-119

[email protected]

web.nvd.nist.gov

71

cve-2012-2814

buffer overflow

exif_entry_format_value function

libexif

remote attackers

denial of service

execute arbitrary code

crafted exif tags

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8

Confidence

Low

EPSS

0.098

Percentile

94.9%

Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.

Affected configurations

NVD

Node

libexif_projectlibexifMatch0.6.20

VendorProductVersionCPE
libexif_projectlibexif0.6.20cpe:/a:libexif_project:libexif:0.6.20:::

References

lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html

lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html

rhn.redhat.com/errata/RHSA-2012-1255.html

secunia.com/advisories/49988

sourceforge.net/mailarchive/message.php?msg_id=29534027

www.debian.org/security/2012/dsa-2559

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.securityfocus.com/bid/54437

www.ubuntu.com/usn/USN-1513-1

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8

Confidence

Low

EPSS

0.098

Percentile

94.9%

Related for CVE-2012-2814

debiancve1 cvelist1 ubuntucve1 nvd1 osv2 prion1 alpinelinux1 openvas23 suse2 nessus18 veracode6 fedora2 ubuntu1 amazon1 oraclelinux1 debian1 securityvulns3 centos1 redhat1 freebsd1 gentoo1 slackware1 altlinux1