Launchpad CVE tracker

CVE 2012-2814

Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.

Related bugs and status

CVE-2012-2814 (Candidate) is related to these bugs:

Bug #1024213: libexif 0.6.21 and exif 0.6.21 were released to fix various overflows and related issues.

Summary				In	Importance	Status
	1024213	libexif 0.6.21 and exif 0.6.21 were released to fix various overflows and related issues.		libexif (Ubuntu)	Undecided	Fix Released
	1024213	libexif 0.6.21 and exif 0.6.21 were released to fix various overflows and related issues.		libexif (openSUSE)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [libexif-devel] 201207...
SUSE: SUSE-SU-2012:0902
SUSE: SUSE-SU-2012:0903
UBUNTU: USN-1513-1
REDHAT: RHSA-2012:1255
DEBIAN: DSA-2559
SECUNIA: 49988
CONFIRM: http://www.oracle.com/...
BID: 54437

Launchpad.net

CVE 2012-2814

Related bugs and status

Related bugs

References