Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2012:1255
HistorySep 11, 2012 - 12:00 a.m.

(RHSA-2012:1255) Moderate: libexif security update

2012-09-1100:00:00
access.redhat.com
11

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.131 Low

EPSS

Percentile

95.0%

JSON

The libexif packages provide an Exchangeable image file format (Exif)
library. Exif allows metadata to be added to and read from certain types
of image files.

Multiple flaws were found in the way libexif processed Exif tags. An
attacker could create a specially-crafted image file that, when opened in
an application linked against libexif, could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814,
CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841)

Red Hat would like to thank Dan Fandrich for reporting these issues.
Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the
original reporter of CVE-2012-2812, CVE-2012-2813, and CVE-2012-2814; and
Yunho Kim as the original reporter of CVE-2012-2836 and CVE-2012-2837.

Users of libexif are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications linked against libexif must be restarted for the update to
take effect.

OSVersionArchitecturePackageVersionFilename
RedHat5i386libexif< 0.6.21-1.el5_8libexif-0.6.21-1.el5_8.i386.rpm
RedHat6ppc64libexif-devel< 0.6.21-5.el6_3libexif-devel-0.6.21-5.el6_3.ppc64.rpm
RedHat5s390libexif< 0.6.21-1.el5_8libexif-0.6.21-1.el5_8.s390.rpm
RedHat5s390xlibexif-devel< 0.6.21-1.el5_8libexif-devel-0.6.21-1.el5_8.s390x.rpm
RedHat5ppclibexif-devel< 0.6.21-1.el5_8libexif-devel-0.6.21-1.el5_8.ppc.rpm
RedHat5s390xlibexif< 0.6.21-1.el5_8libexif-0.6.21-1.el5_8.s390x.rpm
RedHat5x86_64libexif< 0.6.21-1.el5_8libexif-0.6.21-1.el5_8.x86_64.rpm
RedHat5ppclibexif-debuginfo< 0.6.21-1.el5_8libexif-debuginfo-0.6.21-1.el5_8.ppc.rpm
RedHat6i686libexif-debuginfo< 0.6.21-5.el6_3libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
RedHat5ppc64libexif-devel< 0.6.21-1.el5_8libexif-devel-0.6.21-1.el5_8.ppc64.rpm
Rows per page:
1-10 of 411

Related

oraclelinux 1
nessus 18
openvas 21
securityvulns 3
amazon 1
debian 1
veracode 7
fedora 2
ubuntu 1
osv 8
suse 2
centos 1
gentoo 1
freebsd 1
altlinux 1
slackware 1
alpinelinux 7
prion 7
cve 7
ubuntucve 7
debiancve 7
oraclelinux
oraclelinux
libexif security update
2012-09-11 00:00:00
nessus
nessus
Oracle Linux 5 / 6 : libexif (ELSA-2012-1255)
2013-07-12 00:00:00
Fedora 17 : libexif-0.6.21-2.fc17 (2013-1244)
2013-02-08 00:00:00
Mandriva Linux Security Advisory : libexif (MDVSA-2012:106)
2012-09-06 00:00:00
openvas
openvas
Oracle Linux Local Check: ELSA-2012-1255
2015-10-06 00:00:00
Debian Security Advisory DSA 2559-1 (libexif)
2012-10-22 00:00:00
RedHat Update for libexif RHSA-2012:1255-01
2012-09-17 00:00:00
securityvulns
securityvulns
[ MDVSA-2012:106 ] libexif
2012-07-16 00:00:00
libexif / exif multiple security vulnerabilities
2012-07-23 00:00:00
libexif project security advisory July 12, 2012
2012-07-23 00:00:00
amazon
amazon
Medium: libexif
2012-09-22 21:36:00
debian
debian
[SECURITY] [DSA 2559-1] libexif security update
2012-10-17 18:45:06
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:43:08
Denial Of Service (DoS)
2019-05-02 04:43:08
Denial Of Service (DoS)
2019-05-02 04:43:08
fedora
fedora
[SECURITY] Fedora 17 Update: libexif-0.6.21-2.fc17
2013-02-08 02:34:57
[SECURITY] Fedora 16 Update: libexif-0.6.21-2.fc16
2013-02-08 02:14:42
ubuntu
ubuntu
libexif vulnerabilities
2012-07-23 00:00:00
osv
osv
libexif - several
2012-10-11 00:00:00
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2837
2012-07-13 10:34:00
suse
suse
Security update for libexif (important)
2012-07-23 19:08:44
Security update for libexif (important)
2012-07-23 19:08:42
centos
centos
libexif security update
2012-09-11 18:50:44
gentoo
gentoo
libexif, exif: Multiple vulnerabilities
2014-01-19 00:00:00
freebsd
freebsd
libexif -- multiple remote vulnerabilities
2012-07-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package libexif version 0.6.21-alt1
2012-10-27 00:00:00
slackware
slackware
[slackware-security] libexif
2012-07-18 17:04:40
alpinelinux
alpinelinux
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2841
2012-07-13 10:34:00
CVE-2012-2836
2012-07-13 10:34:00
prion
prion
Code injection
2012-07-13 10:34:00
Design/Logic Flaw
2012-07-13 10:34:00
Heap overflow
2012-07-13 10:34:00
cve
cve
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2841
2012-07-13 10:34:00
CVE-2012-2836
2012-07-13 10:34:00
ubuntucve
ubuntucve
CVE-2012-2836
2012-07-13 00:00:00
CVE-2012-2837
2012-07-13 00:00:00
CVE-2012-2840
2012-07-13 00:00:00
debiancve
debiancve
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2836
2012-07-13 10:34:00
CVE-2012-2837
2012-07-13 10:34:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.131 Low

EPSS

Percentile

95.0%

JSON
Related for RHSA-2012:1255
oraclelinux1nessus18openvas21securityvulns3amazon1debian1veracode7fedora2ubuntu1osv8suse2centos1gentoo1freebsd1altlinux1slackware1alpinelinux7prion7cve7ubuntucve7debiancve7