CVE-2012-2837

2012-07-1310:34:59

CWE-189

Chrome

web.nvd.nist.gov

cve-2012-2837

libexif

remote attackers

denial of service

divide-by-zero error

crafted exif tags

exif maker note tags

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.039

Percentile

92.0%

JSON

The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.

Affected configurations

Nvd

Node

libexif_projectlibexifRange≤0.6.20

libexif_projectlibexifMatch0.6.14

libexif_projectlibexifMatch0.6.15

libexif_projectlibexifMatch0.6.16

libexif_projectlibexifMatch0.6.18

libexif_projectlibexifMatch0.6.19

VendorProductVersionCPE
libexif_projectlibexif*cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*
libexif_projectlibexif0.6.14cpe:2.3:a:libexif_project:libexif:0.6.14:*:*:*:*:*:*:*
libexif_projectlibexif0.6.15cpe:2.3:a:libexif_project:libexif:0.6.15:*:*:*:*:*:*:*
libexif_projectlibexif0.6.16cpe:2.3:a:libexif_project:libexif:0.6.16:*:*:*:*:*:*:*
libexif_projectlibexif0.6.18cpe:2.3:a:libexif_project:libexif:0.6.18:*:*:*:*:*:*:*
libexif_projectlibexif0.6.19cpe:2.3:a:libexif_project:libexif:0.6.19:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libexif_project	libexif	*	cpe:2.3:a:libexif_project:libexif::::::::
libexif_project	libexif	0.6.14	cpe:2.3:a:libexif_project:libexif:0.6.14:::::::*
libexif_project	libexif	0.6.15	cpe:2.3:a:libexif_project:libexif:0.6.15:::::::*
libexif_project	libexif	0.6.16	cpe:2.3:a:libexif_project:libexif:0.6.16:::::::*
libexif_project	libexif	0.6.18	cpe:2.3:a:libexif_project:libexif:0.6.18:::::::*
libexif_project	libexif	0.6.19	cpe:2.3:a:libexif_project:libexif:0.6.19:::::::*