Integer Underflow Vulnerability in EXIF Tag Parsing Library by Libexif
CVE-2012-2841

Currently unrated

Key Information:

CVE Published: 13 July 2012

What is CVE-2012-2841?

The EXIF Tag Parsing Library (libexif) version 0.6.20 is susceptible to an integer underflow vulnerability within the exif_entry_get_value function. Attackers may exploit this vulnerability by supplying a manipulated buffer-size parameter during the processing of an EXIF tag. This may result in a heap-based buffer overflow, potentially allowing remote attackers to execute arbitrary code on the affected system.
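
The size arithmetic behind this class of bug, as an added illustration that is not libexif's source code: it assumes the underflow takes the common form of subtracting from an unsigned buffer-size parameter that the caller passed as 0. The names unchecked_copy_limit, format_value_checked and sample_value are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample tag value, not taken from a real image. */
const unsigned char sample_value[] = "Canon EOS";

/* Unchecked pattern (hypothetical, not libexif code): reserving one byte
 * for the NUL by subtracting from an unsigned size. With maxlen == 0 the
 * result wraps to UINT_MAX, so a later "bounded" copy has no real bound.
 * Only the limit is computed here; nothing is copied. */
unsigned int unchecked_copy_limit(unsigned int maxlen)
{
    return maxlen - 1;
}

/* Hardened form: reject the degenerate size before any arithmetic, then
 * clamp the copy to what the caller's buffer can hold.
 * Returns the number of payload bytes written, excluding the NUL. */
size_t format_value_checked(const unsigned char *data, size_t data_len,
                            char *val, unsigned int maxlen)
{
    size_t limit, n;

    if (val == NULL || maxlen == 0)
        return 0;                    /* no room even for the terminator */
    val[0] = '\0';
    if (data == NULL)
        return 0;
    limit = (size_t)maxlen - 1;      /* cannot wrap: maxlen >= 1 here */
    n = data_len < limit ? data_len : limit;
    memcpy(val, data, n);
    val[n] = '\0';
    return n;
}

int main(void)
{
    char out[8];
    printf("unchecked limit, maxlen=0: %u\n", unchecked_copy_limit(0));
    printf("checked, maxlen=0: %zu bytes\n",
           format_value_checked(sample_value, 9, out, 0));
    printf("checked, maxlen=8: %zu bytes\n",
           format_value_checked(sample_value, 9, out, sizeof out));
    printf("value: \"%s\"\n", out);
    return 0;
}
```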

EPSS Score

5% chance of being exploited in the next 30 days.
