CVE-2012-2840

2012-07-13 12:34:59 2021-01-26 14:07:00

Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Libexif project Libexif * * * * (not an official CPE) Libexif project Libexif 0.6.19 * * * (not an official CPE) Libexif project Libexif 0.6.18 * * * (not an official CPE) Libexif project Libexif 0.6.16 * * * (not an official CPE) Libexif project Libexif 0.6.15 * * * (not an official CPE) Libexif project Libexif 0.6.14 * * * (not an official CPE)

Libexif project - Libexif

Advisory	Patch	Confirmed	Link
			http://sourceforge.net/mailarchive/message.php?msg_id=29...
			http://secunia.com/advisories/49988
			http://rhn.redhat.com/errata/RHSA-2012-1255.html
			http://lists.opensuse.org/opensuse-security-announce/201...
			http://www.debian.org/security/2012/dsa-2559
			http://www.securityfocus.com/bid/54437
			http://www.ubuntu.com/usn/USN-1513-1