Skip to main content

libexif Multiple Vulnerabilities

Last Update Date: 16 Jul 2012 11:50 Release Date: 16 Jul 2012 5198 Views

RISK: Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in libexif, which can be exploited by malicious people to disclose certain sensitive information, cause a DoS (Denial of Service), and compromise an application using the library.

  1. An out-of-bounds read error within the "exif_entry_get_value()" function (libexif/exif-entry.c) when handling the EXIF_TAG_COPYRIGHT tag can be exploited to cause a crash or disclose process memory.
  2. An out-of-bounds read error within the "exif_convert_utf16_to_utf8()" function (libexif/exif-entry.c) when handling UTF16 encoded images can be exploited to cause a crash or disclose process memory.
  3. Some errors within the "exif_entry_format_value()" function (libexif/exif-entry.c) when handling EXIF tags can be exploited to cause buffer overflows.
  4. An integer overflow error within the "exif_data_load_data()" function (libexif/exif-data.c) when parsing certain headers can be exploited to cause a buffer overflow.
  5. A divide-by-zero error within the "mnote_olympus_entry_get_value()" function (libexif/olympus/mnote-olympus-entry.c) when parsing image color information can be exploited to cause a crash.
  6. An off-by-one error within the "exif_convert_utf16_to_utf8()" function (libexif/exif-utils.c) handling UTF16 encoded images can be exploited to corrupt memory.
  7. An integer overflow error within the "exif_entry_get_value()" function (libexif/exif-entry.c) can be exploited to cause a buffer overflow.
  8. An integer overflow error within the "jpeg_data_load_data()" function can be exploited to cause a buffer overflow.

Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • libexif 0.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 0.6.21.

Vulnerability Identifier


Source


Related Link