Debian: DSA-2559-1: libexif security update

    Date17 Oct 2012
    CategoryDebian
    40
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities were found in libexif, a library used to parse EXIF meta-data on camera files. CVE-2012-2812: A heap-based out-of-bounds array read in the
    
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2559-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Yves-Alexis Perez
    October 11, 2012                       http://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : libexif
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 
                     CVE-2012-2837 CVE-2012-2840 CVE-2012-2841
    Debian Bug     : 681454
    
    Several vulnerabilities were found in libexif, a library used to parse EXIF
    meta-data on camera files.
    
    CVE-2012-2812: A heap-based out-of-bounds array read in the
    exif_entry_get_value function allows remote attackers to cause a denial of
    service or possibly obtain potentially sensitive information from process
    memory via an image with crafted EXIF tags.
    
    CVE-2012-2813: A heap-based out-of-bounds array read in the
    exif_convert_utf16_to_utf8 function allows remote attackers to cause a denial
    of service or possibly obtain potentially sensitive information from process
    memory via an image with crafted EXIF tags. 
    
    CVE-2012-2814: A buffer overflow in the exif_entry_format_value function
    allows remote attackers to cause a denial of service or possibly execute
    arbitrary code via an image with crafted EXIF tags.
    
    CVE-2012-2836: A heap-based out-of-bounds array read in the
    exif_data_load_data function allows remote attackers to cause a denial of
    service or possibly obtain potentially sensitive information from process
    memory via an image with crafted EXIF tags.
    
    CVE-2012-2837: A divide-by-zero error in the mnote_olympus_entry_get_value
    function while formatting EXIF maker note tags allows remote attackers to
    cause a denial of service via an image with crafted EXIF tags.
    
    CVE-2012-2840: An off-by-one error in the exif_convert_utf16_to_utf8 function
    allows remote attackers to cause a denial of service or possibly execute
    arbitrary code via an image with crafted EXIF tags. 
    
    CVE-2012-2841: An integer underflow in the exif_entry_get_value function can
    cause a heap overflow and potentially arbitrary code execution while
    formatting an EXIF tag, if the function is called with a buffer size
    parameter equal to zero or one.
    
    For the stable distribution (squeeze), these problems have been fixed in
    version 0.6.19-1+squeeze1.
    
    For the testing distribution (wheezy), these problems have been fixed in
    version 0.6.20-3.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 0.6.20-3.
    
    We recommend that you upgrade your libexif packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"39","type":"x","order":"1","pct":50.65,"resources":[]},{"id":"88","title":"Should be more technical","votes":"11","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"27","type":"x","order":"3","pct":35.06,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.