Off-by-One Error in EXIF Tag Parsing Library Affects Multiple Platforms
CVE-2012-2840

Currently unrated

Key Information:

CVE Published: 13 July 2012

What is CVE-2012-2840?

The EXIF Tag Parsing Library, also known as libexif, contains an off-by-one error in the function exif_convert_utf16_to_utf8. Remote attackers can exploit it by crafting malicious EXIF tags within an image, causing a denial of service or, in some instances, executing arbitrary code. The vulnerability affects versions of libexif prior to 0.6.21 and puts applications that rely on the library at risk. Users are encouraged to update to libexif 0.6.21 or later.
