Denial of Service Vulnerability in EXIF Tag Parsing Library by libexif
CVE-2012-2813

Currently unrated

Key Information:

Vendor: Libexif Project
Status: Libexif
Vendor: CVE Published:; 13 July 2012

🔔 Create Libexif Project Vulnerability Alert

What is CVE-2012-2813?

The exif_convert_utf16_to_utf8 function in the EXIF Tag Parsing Library, known as libexif, prior to version 0.6.21, is vulnerable to a remote denial of service (DoS) attack. This vulnerability allows attackers to exploit crafted EXIF tags in images, potentially leading to out-of-bounds read situations that may expose sensitive information retained in process memory. Exploiting this flaw could compromise system stability and user data confidentiality, making it critical for users to update to the latest version to mitigate risk.

References

http://www.securityfocus.com/bid/54437

vdb-entryx_refsource_BID

http://www.debian.org/security/2012/dsa-2559

vendor-advisoryx_refsource_DEBIAN

http://lists.opensuse.org/opensuse-security-announce/2012...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2012
Vulnerability Reserved
May 19, 2012

CVE-2012-2813 Data

JSON