CVE-2012-2841

Publication date 13 July 2012

Last updated 24 July 2024

Ubuntu priority

Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libexif	12.04 LTS precise	Fixed 0.6.20-2ubuntu0.1
	11.10 oneiric	Fixed 0.6.20-1ubuntu0.1
	11.04 natty	Fixed 0.6.20-0ubuntu1.1
	10.04 LTS lucid	Fixed 0.6.19-1ubuntu0.1
	8.04 LTS hardy	Fixed 0.6.16-2.1ubuntu0.2

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libexif	Vendor: https://bugzilla.novell.com/attachment.cgi?id=498457 Upstream: http://libexif.cvs.sourceforge.net/viewvc/libexif/libexif/libexif/exif-entry.c?r1=1.148&r2=1.149&view=patch

References

Related Ubuntu Security Notices (USN)

USN-1513-1
libexif vulnerabilities
23 July 2012

CVE-2012-2841

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references