CVE-2012-2840

Publication date 13 July 2012

Last updated 24 July 2024

Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libexif	12.04 LTS precise	Fixed 0.6.20-2ubuntu0.1
	11.10 oneiric	Fixed 0.6.20-1ubuntu0.1
	11.04 natty	Fixed 0.6.20-0ubuntu1.1
	10.04 LTS lucid	Fixed 0.6.19-1ubuntu0.1
	8.04 LTS hardy	Fixed 0.6.16-2.1ubuntu0.2

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libexif	Vendor: https://bugzilla.novell.com/attachment.cgi?id=498454 Upstream: http://libexif.cvs.sourceforge.net/viewvc/libexif/libexif/libexif/exif-utils.c?r1=1.16&r2=1.17&view=patch

References

Related Ubuntu Security Notices (USN)

USN-1513-1
libexif vulnerabilities
23 July 2012

CVE-2012-2840

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references