Mandriva Update for libexif MDVSA-2012:106 (libexif)

Mandriva Update for libexif MDVSA-2012:106 addresses multiple vulnerabilities in libexif, including heap-based out-of-bounds reads, buffer overflow, divide-by-zero error, off-by-one error, and integer underflow, which could lead to denial of service or arbitrary code execution

Reporter	Title	Published	Views	Family All 169
ALT Linux	Security fix for the ALT Linux 7 package libexif version 0.6.21-alt1	27 Oct 201200:00	–	altlinux
Amazon	Medium: libexif	22 Sep 201200:00	–	amazon
Tenable Nessus	Amazon Linux AMI : libexif (ALAS-2012-126)	4 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 5 / 6 : libexif (CESA-2012:1255)	12 Sep 201200:00	–	nessus
Tenable Nessus	Debian DSA-2559-1 : libexif - several vulnerabilities	18 Oct 201200:00	–	nessus
Tenable Nessus	Fedora 17 : libexif-0.6.21-2.fc17 (2013-1244)	8 Feb 201300:00	–	nessus
Tenable Nessus	Fedora 16 : libexif-0.6.21-2.fc16 (2013-1257)	8 Feb 201300:00	–	nessus
Tenable Nessus	FreeBSD : libexif -- multiple remote vulnerabilities (d881d254-70c6-11e2-862d-080027a5ec9a)	15 Mar 201300:00	–	nessus
Tenable Nessus	GLSA-201401-10 : libexif, exif: Multiple vulnerabilities	20 Jan 201400:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : libexif (MDVSA-2012:106)	6 Sep 201200:00	–	nessus

Source	Link
mandriva	www.mandriva.com/en/support/security/advisories/

###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for libexif MDVSA-2012:106 (libexif)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "Multiple vulnerabilities has been discovered and corrected in libexif:

  A heap-based out-of-bounds array read in the exif_entry_get_value
  function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows
  remote attackers to cause a denial of service or possibly obtain
  potentially sensitive information from process memory via an image
  with crafted EXIF tags (CVE-2012-2812).

  A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8
  function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows
  remote attackers to cause a denial of service or possibly obtain
  potentially sensitive information from process memory via an image
  with crafted EXIF tags (CVE-2012-2813).

  A buffer overflow in the exif_entry_format_value function in
  libexif/exif-entry.c in libexif 0.6.20 allows remote attackers to
  cause a denial of service or possibly execute arbitrary code via an
  image with crafted EXIF tags (CVE-2012-2814).

  A heap-based out-of-bounds array read in the exif_data_load_data
  function in libexif 0.6.20 and earlier allows remote attackers to
  cause a denial of service or possibly obtain potentially sensitive
  information from process memory via an image with crafted EXIF tags
  (CVE-2012-2836).

  A divide-by-zero error in the mnote_olympus_entry_get_value function
  while formatting EXIF maker note tags in libexif 0.6.20 and earlier
  allows remote attackers to cause a denial of service via an image
  with crafted EXIF tags (CVE-2012-2837).

  An off-by-one error in the exif_convert_utf16_to_utf8 function in
  libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote
  attackers to cause a denial of service or possibly execute arbitrary
  code via an image with crafted EXIF tags (CVE-2012-2840).

  An integer underflow in the exif_entry_get_value function can cause a
  heap overflow and potentially arbitrary code execution while formatting
  an EXIF tag, if the function is called with a buffer size parameter
  equal to zero or one (CVE-2012-2841).

  The updated packages have been upgraded to the 0.6.21 version which
  is not vulnerable to these issues.";

tag_affected = "libexif on Mandriva Linux 2011.0,
  Mandriva Enterprise Server 5.2";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:106");
  script_id(831694);
  script_version("$Revision: 8245 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $");
  script_tag(name:"creation_date", value:"2012-07-16 11:57:41 +0530 (Mon, 16 Jul 2012)");
  script_cve_id("CVE-2012-2812", "CVE-2012-2813", "CVE-2012-2814", "CVE-2012-2836",
                "CVE-2012-2837", "CVE-2012-2840", "CVE-2012-2841");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name: "MDVSA", value: "2012:106");
  script_name("Mandriva Update for libexif MDVSA-2012:106 (libexif)");

  script_tag(name: "summary" , value: "Check for the Version of libexif");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "MNDK_2011.0")
{

  if ((res = isrpmvuln(pkg:"libexif12", rpm:"libexif12~0.6.21~0.1", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libexif12-common", rpm:"libexif12-common~0.6.21~0.1", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libexif-devel", rpm:"libexif-devel~0.6.21~0.1", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64exif12", rpm:"lib64exif12~0.6.21~0.1", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64exif-devel", rpm:"lib64exif-devel~0.6.21~0.1", rls:"MNDK_2011.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "MNDK_mes5.2")
{

  if ((res = isrpmvuln(pkg:"libexif12", rpm:"libexif12~0.6.21~0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libexif12-common", rpm:"libexif12-common~0.6.21~0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libexif-devel", rpm:"libexif-devel~0.6.21~0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64exif12", rpm:"lib64exif12~0.6.21~0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64exif-devel", rpm:"lib64exif-devel~0.6.21~0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

26 Dec 2017 00:00Current

0.7Low risk

Vulners AI Score0.7

EPSS0.04256