| ID |
CVE-2012-2841
|
| Summary |
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 7.5 (as of 26-01-2021 - 13:07) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-189 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| redhat
via4
|
| advisories | | bugzilla | | id | 839203 | | title | heap-based out-of-bounds array read |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 5 is installed | | oval | oval:com.redhat.rhba:tst:20070331005 |
| OR | | AND | | comment | libexif is earlier than 0:0.6.21-1.el5_8 | | oval | oval:com.redhat.rhsa:tst:20121255001 |
| comment | libexif is signed with Red Hat redhatrelease key | | oval | oval:com.redhat.rhsa:tst:20070501007 |
|
| AND | | comment | libexif-devel is earlier than 0:0.6.21-1.el5_8 | | oval | oval:com.redhat.rhsa:tst:20121255003 |
| comment | libexif-devel is signed with Red Hat redhatrelease key | | oval | oval:com.redhat.rhsa:tst:20070501009 |
|
|
|
| AND | | comment | Red Hat Enterprise Linux 6 is installed | | oval | oval:com.redhat.rhba:tst:20111656003 |
| OR | | AND | | comment | libexif is earlier than 0:0.6.21-5.el6_3 | | oval | oval:com.redhat.rhsa:tst:20121255006 |
| comment | libexif is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20121255007 |
|
| AND | | comment | libexif-devel is earlier than 0:0.6.21-5.el6_3 | | oval | oval:com.redhat.rhsa:tst:20121255008 |
| comment | libexif-devel is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20121255009 |
|
|
|
|
| | rhsa | | id | RHSA-2012:1255 | | released | 2012-09-11 | | severity | Moderate | | title | RHSA-2012:1255: libexif security update (Moderate) |
|
| | rpms | - libexif-0:0.6.21-1.el5_8
- libexif-0:0.6.21-5.el6_3
- libexif-debuginfo-0:0.6.21-1.el5_8
- libexif-debuginfo-0:0.6.21-5.el6_3
- libexif-devel-0:0.6.21-1.el5_8
- libexif-devel-0:0.6.21-5.el6_3
|
|
| refmap
via4
|
| bid | 54437 | | debian | DSA-2559 | | mlist | [libexif-devel] 20120712 libexif project security advisory July 12, 2012 | | secunia | 49988 | | suse | - SUSE-SU-2012:0902
- SUSE-SU-2012:0903
| | ubuntu | USN-1513-1 |
|
| Last major update |
26-01-2021 - 13:07 |
| Published |
13-07-2012 - 10:34 |
| Last modified |
26-01-2021 - 13:07 |
