Denial of Service Vulnerability in EXIF Tag Parsing Library by libexif
CVE-2012-2836

Currently unrated

Key Information:

Vendor: Libexif Project
Status: Libexif
Vendor: CVE Published:; 13 July 2012

🔔 Create Libexif Project Vulnerability Alert

What is CVE-2012-2836?

The exif_data_load_data function in the EXIF Tag Parsing Library (libexif) is vulnerable to denial of service due to an out-of-bounds read condition. Attackers can craft malicious EXIF tags within an image file, leading to potential disruptions in services or exposure of sensitive information from the process memory. This vulnerability affects libexif versions prior to 0.6.21, making it crucial for users to update to the latest version to mitigate the risks.

References

http://www.securityfocus.com/bid/54437

vdb-entryx_refsource_BID

http://www.debian.org/security/2012/dsa-2559

vendor-advisoryx_refsource_DEBIAN

http://lists.opensuse.org/opensuse-security-announce/2012...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2012
Vulnerability Reserved
May 19, 2012

CVE-2012-2836 Data

JSON