The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:10
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/54437 - | |
References | () http://www.ubuntu.com/usn/USN-1513-1 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2012-1255.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html - | |
References | () http://secunia.com/advisories/49988 - | |
References | () http://sourceforge.net/mailarchive/message.php?msg_id=29534027 - | |
References | () http://www.debian.org/security/2012/dsa-2559 - |
26 Jan 2021, 13:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:curtis_galloway:libexif:0.6.19:*:*:*:*:*:*:* cpe:2.3:a:curtis_galloway:libexif:0.6.14:*:*:*:*:*:*:* cpe:2.3:a:curtis_galloway:libexif:0.6.16:*:*:*:*:*:*:* cpe:2.3:a:curtis_galloway:libexif:0.6.15:*:*:*:*:*:*:* cpe:2.3:a:curtis_galloway:libexif:*:*:*:*:*:*:*:* |
cpe:2.3:a:libexif_project:libexif:0.6.18:*:*:*:*:*:*:* cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:* cpe:2.3:a:libexif_project:libexif:0.6.16:*:*:*:*:*:*:* cpe:2.3:a:libexif_project:libexif:0.6.15:*:*:*:*:*:*:* cpe:2.3:a:libexif_project:libexif:0.6.14:*:*:*:*:*:*:* cpe:2.3:a:libexif_project:libexif:0.6.19:*:*:*:*:*:*:* |
Information
Published : 2012-07-13 10:34
Updated : 2023-12-10 11:16
NVD link : CVE-2012-2812
Mitre link : CVE-2012-2812
CVE.ORG link : CVE-2012-2812
JSON object : View
Products Affected
libexif_project
- libexif
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer