CVE-2012-2841

2012-07-13T00:00:00
ID UB:CVE-2012-2841
Type ubuntucve
Reporter ubuntu.com
Modified 2012-07-13T00:00:00

Description

Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.

Bugs

  • <https://bugzilla.novell.com/show_bug.cgi?id=771229>
  • <https://bugs.launchpad.net/ubuntu/+source/libexif/+bug/1024213>
  • <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454>