libexif Multiple Vulnerabilities
Last Update Date:
16 Jul 2012 11:50
Release Date:
16 Jul 2012
5198
Views
RISK: Medium Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in libexif, which can be exploited by malicious people to disclose certain sensitive information, cause a DoS (Denial of Service), and compromise an application using the library.
- An out-of-bounds read error within the "exif_entry_get_value()" function (libexif/exif-entry.c) when handling the EXIF_TAG_COPYRIGHT tag can be exploited to cause a crash or disclose process memory.
- An out-of-bounds read error within the "exif_convert_utf16_to_utf8()" function (libexif/exif-entry.c) when handling UTF16 encoded images can be exploited to cause a crash or disclose process memory.
- Some errors within the "exif_entry_format_value()" function (libexif/exif-entry.c) when handling EXIF tags can be exploited to cause buffer overflows.
- An integer overflow error within the "exif_data_load_data()" function (libexif/exif-data.c) when parsing certain headers can be exploited to cause a buffer overflow.
- A divide-by-zero error within the "mnote_olympus_entry_get_value()" function (libexif/olympus/mnote-olympus-entry.c) when parsing image color information can be exploited to cause a crash.
- An off-by-one error within the "exif_convert_utf16_to_utf8()" function (libexif/exif-utils.c) handling UTF16 encoded images can be exploited to corrupt memory.
- An integer overflow error within the "exif_entry_get_value()" function (libexif/exif-entry.c) can be exploited to cause a buffer overflow.
- An integer overflow error within the "jpeg_data_load_data()" function can be exploited to cause a buffer overflow.
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- libexif 0.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 0.6.21.
Vulnerability Identifier
- CVE-2012-2812
- CVE-2012-2813
- CVE-2012-2814
- CVE-2012-2836
- CVE-2012-2837
- CVE-2012-2840
- CVE-2012-2841
- CVE-2012-2845
Source
Related Link
Share with