Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11098

HistoryJan 15, 2019 - 8:57 a.m.

Denial Of Service (DoS)

2019-01-1508:57:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

libexif is vulnerable to denial of service. The exif_entry_get_value function in exif-entry.c does not properly process Exif tags, allowing a remote attacker to crash the process or obtain confidential information in an out-of-bounds read via a malicious EXIF tag in an image.

CPENameOperatorVersion
libexifeq0.6.20__1.el5_7.1
libexifeq0.6.16__4.1.el6
libexifeq0.6.13__4.el5
libexifeq0.6.13__4.0.2.el5_1.1
libexifeq0.6.13__4.0.2.el5

References

lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html

lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html

rhn.redhat.com/errata/RHSA-2012-1255.html

secunia.com/advisories/49988

sourceforge.net/mailarchive/message.php?msg_id=29534027

www.debian.org/security/2012/dsa-2559

www.securityfocus.com/bid/54437

www.ubuntu.com/usn/USN-1513-1

access.redhat.com/security/updates/classification/#moderate

rhn.redhat.com/errata/RHSA-2012-1255.html

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

Related for VERACODE:11098

ubuntucve1 alpinelinux1 prion1 debiancve1 osv2 cve1 suse2 nessus18 openvas23 securityvulns3 oraclelinux1 debian1 amazon1 veracode6 redhat1 centos1 fedora2 ubuntu1 freebsd1 gentoo1 altlinux1 slackware1