Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2559-1
HistoryOct 11, 2012 - 12:00 a.m.

libexif - several

2012-10-1100:00:00
Google
osv.dev
6

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Several vulnerabilities were found in libexif, a library used to parse EXIF
meta-data on camera files.

A heap-based out-of-bounds array read in the exif_entry_get_value
function allows remote attackers to cause a denial of service or possibly
obtain potentially sensitive information from process memory via an image
with crafted EXIF tags.

A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8
function allows remote attackers to cause a denial of service or possibly
obtain potentially sensitive information from process memory via an image
with crafted EXIF tags.

A buffer overflow in the exif_entry_format_value function allows remote
attackers to cause a denial of service or possibly execute arbitrary code
via an image with crafted EXIF tags.

A heap-based out-of-bounds array read in the exif_data_load_data function
allows remote attackers to cause a denial of service or possibly obtain
potentially sensitive information from process memory via an image with
crafted EXIF tags.

A divide-by-zero error in the mnote_olympus_entry_get_value function
while formatting EXIF maker note tags allows remote attackers to cause a
denial of service via an image with crafted EXIF tags.

An off-by-one error in the exif_convert_utf16_to_utf8 function allows
remote attackers to cause a denial of service or possibly execute
arbitrary code via an image with crafted EXIF tags.

An integer underflow in the exif_entry_get_value function can cause a
heap overflow and potentially arbitrary code execution while formatting an
EXIF tag, if the function is called with a buffer size parameter equal to
zero or one.

For the stable distribution (squeeze), these problems have been fixed in
version 0.6.19-1+squeeze1.

For the testing distribution (wheezy), these problems have been fixed in
version 0.6.20-3.

For the unstable distribution (sid), these problems have been fixed in
version 0.6.20-3.

We recommend that you upgrade your libexif packages.

CPENameOperatorVersion
libexifeq0.6.19-1

Related

oraclelinux 1
nessus 18
securityvulns 3
amazon 1
debian 1
openvas 23
fedora 2
veracode 7
ubuntu 1
suse 2
redhat 1
centos 1
freebsd 1
gentoo 1
altlinux 1
slackware 1
osv 7
alpinelinux 7
prion 7
cve 7
ubuntucve 7
debiancve 7
oraclelinux
oraclelinux
libexif security update
2012-09-11 00:00:00
nessus
nessus
Oracle Linux 5 / 6 : libexif (ELSA-2012-1255)
2013-07-12 00:00:00
Mandriva Linux Security Advisory : libexif (MDVSA-2012:106)
2012-09-06 00:00:00
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libexif vulnerabilities (USN-1513-1)
2012-07-24 00:00:00
securityvulns
securityvulns
[ MDVSA-2012:106 ] libexif
2012-07-16 00:00:00
libexif project security advisory July 12, 2012
2012-07-23 00:00:00
libexif / exif multiple security vulnerabilities
2012-07-23 00:00:00
amazon
amazon
Medium: libexif
2012-09-22 21:36:00
debian
debian
[SECURITY] [DSA 2559-1] libexif security update
2012-10-17 18:45:06
openvas
openvas
Oracle: Security Advisory (ELSA-2012-1255)
2015-10-06 00:00:00
CentOS Update for libexif CESA-2012:1255 centos5
2012-09-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:0903-1)
2021-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: libexif-0.6.21-2.fc17
2013-02-08 02:34:57
[SECURITY] Fedora 16 Update: libexif-0.6.21-2.fc16
2013-02-08 02:14:42
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:43:08
Denial Of Service (DoS)
2019-05-02 04:43:08
Denial Of Service (DoS)
2019-05-02 04:43:08
ubuntu
ubuntu
libexif vulnerabilities
2012-07-23 00:00:00
suse
suse
Security update for libexif (important)
2012-07-23 19:08:44
Security update for libexif (important)
2012-07-23 19:08:42
redhat
redhat
(RHSA-2012:1255) Moderate: libexif security update
2012-09-11 00:00:00
centos
centos
libexif security update
2012-09-11 18:50:44
freebsd
freebsd
libexif -- multiple remote vulnerabilities
2012-07-12 00:00:00
gentoo
gentoo
libexif, exif: Multiple vulnerabilities
2014-01-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package libexif version 0.6.21-alt1
2012-10-27 00:00:00
slackware
slackware
[slackware-security] libexif
2012-07-18 17:04:40
osv
osv
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2837
2012-07-13 10:34:00
CVE-2012-2841
2012-07-13 10:34:00
alpinelinux
alpinelinux
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2841
2012-07-13 10:34:00
CVE-2012-2836
2012-07-13 10:34:00
prion
prion
Code injection
2012-07-13 10:34:00
Design/Logic Flaw
2012-07-13 10:34:00
Heap overflow
2012-07-13 10:34:00
cve
cve
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2841
2012-07-13 10:34:00
CVE-2012-2836
2012-07-13 10:34:00
ubuntucve
ubuntucve
CVE-2012-2837
2012-07-13 00:00:00
CVE-2012-2836
2012-07-13 00:00:00
CVE-2012-2840
2012-07-13 00:00:00
debiancve
debiancve
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2841
2012-07-13 10:34:00
CVE-2012-2836
2012-07-13 10:34:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-2559-1
oraclelinux1nessus18securityvulns3amazon1debian1openvas23fedora2veracode7ubuntu1suse2redhat1centos1freebsd1gentoo1altlinux1slackware1osv7alpinelinux7prion7cve7ubuntucve7debiancve7