7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Several vulnerabilities were found in libexif, a library used to parse EXIF
meta-data on camera files.
A heap-based out-of-bounds array read in the exif_entry_get_value
function allows remote attackers to cause a denial of service or possibly
obtain potentially sensitive information from process memory via an image
with crafted EXIF tags.
A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8
function allows remote attackers to cause a denial of service or possibly
obtain potentially sensitive information from process memory via an image
with crafted EXIF tags.
A buffer overflow in the exif_entry_format_value function allows remote
attackers to cause a denial of service or possibly execute arbitrary code
via an image with crafted EXIF tags.
A heap-based out-of-bounds array read in the exif_data_load_data function
allows remote attackers to cause a denial of service or possibly obtain
potentially sensitive information from process memory via an image with
crafted EXIF tags.
A divide-by-zero error in the mnote_olympus_entry_get_value function
while formatting EXIF maker note tags allows remote attackers to cause a
denial of service via an image with crafted EXIF tags.
An off-by-one error in the exif_convert_utf16_to_utf8 function allows
remote attackers to cause a denial of service or possibly execute
arbitrary code via an image with crafted EXIF tags.
An integer underflow in the exif_entry_get_value function can cause a
heap overflow and potentially arbitrary code execution while formatting an
EXIF tag, if the function is called with a buffer size parameter equal to
zero or one.
For the stable distribution (squeeze), these problems have been fixed in
version 0.6.19-1+squeeze1.
For the testing distribution (wheezy), these problems have been fixed in
version 0.6.20-3.
For the unstable distribution (sid), these problems have been fixed in
version 0.6.20-3.
We recommend that you upgrade your libexif packages.