MGASA-2012-0167
Date: July 14th, 2012
Affected releases: 1, 2
Description:
Updated libexif and exif packages fix security vulnerabilities:
A heap-based out-of-bounds array read in the exif_entry_get_value
function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows
remote attackers to cause a denial of service or possibly obtain
potentially sensitive information from process memory via an image with
crafted EXIF tags (CVE-2012-2812).
A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8
function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows
remote attackers to cause a denial of service or possibly obtain
potentially sensitive information from process memory via an image with
crafted EXIF tags (CVE-2012-2813).
A buffer overflow in the exif_entry_format_value function in
libexif/exif-entry.c in libexif 0.6.20 allows remote attackers to cause
a denial of service or possibly execute arbitrary code via an image
with crafted EXIF tags (CVE-2012-2814).
A heap-based out-of-bounds array read in the exif_data_load_data
function in libexif 0.6.20 and earlier allows remote attackers to cause
a denial of service or possibly obtain potentially sensitive
information from process memory via an image with crafted EXIF tags
(CVE-2012-2836).
A divide-by-zero error in the mnote_olympus_entry_get_value function
while formatting EXIF maker note tags in libexif 0.6.20 and earlier
allows remote attackers to cause a denial of service via an image
with crafted EXIF tags (CVE-2012-2837).
An off-by-one error in the exif_convert_utf16_to_utf8 function in
libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote
attackers to cause a denial of service or possibly execute arbitrary
code via an image with crafted EXIF tags (CVE-2012-2840).
An integer underflow in the exif_entry_get_value function can cause a
heap overflow and potentially arbitrary code execution while formatting
an EXIF tag, if the function is called with a buffer size parameter
equal to zero or one (CVE-2012-2841).
An integer overflow in the function jpeg_data_load_data in the exif
program could cause a data read beyond the end of a buffer, causing an
application crash or leakage of potentially sensitive information when
parsing a crafted JPEG file (CVE-2012-2845).
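The buffer-size underflow described for CVE-2012-2841, as an added illustration that is not libexif's code: room_unchecked, room_checked and format_value are hypothetical names for a constructed formatter that reserves a terminator byte from an unsigned size, shown beside a form that handles sizes of zero and one before subtracting.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not libexif code: space a formatter thinks is left
 * after reserving the terminator and subtracting bytes already pending.
 * Unsigned arithmetic wraps instead of going negative. */
static unsigned int room_unchecked(unsigned int maxlen, unsigned int pending)
{
    maxlen--;                  /* maxlen == 0 wraps to UINT_MAX */
    return maxlen - pending;   /* maxlen == 1 leaves 0, so this wraps too */
}

/* Same calculation with the small sizes rejected before any subtraction. */
static unsigned int room_checked(unsigned int maxlen, unsigned int pending)
{
    if (maxlen == 0)
        return 0;
    maxlen--;
    return pending >= maxlen ? 0 : maxlen - pending;
}

/* Hypothetical formatter: copies text into val[maxlen], truncating to fit.
 * Returns the number of bytes written, not counting the terminator. */
static size_t format_value(char *val, unsigned int maxlen, const char *text)
{
    size_t n;

    if (val == NULL || text == NULL || maxlen == 0)
        return 0;              /* nothing can be written, not even a NUL */
    n = strlen(text);
    if (n > room_checked(maxlen, 0))
        n = room_checked(maxlen, 0);
    memcpy(val, text, n);
    val[n] = '\0';
    return n;
}

int main(void)
{
    char buf[4] = { 'X', 'X', 'X', 'X' };  /* constructed sample buffer */

    printf("unchecked room, maxlen 0: %u\n", room_unchecked(0, 0));
    printf("unchecked room, maxlen 1: %u\n", room_unchecked(1, 3));
    printf("checked write, maxlen 1: %zu bytes\n", format_value(buf, 1, "Olympus"));
    return 0;
}
```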
Updated Packages:
Mageia 1:
exif-0.6.21-1.mga1
libexif12-common-0.6.21-1.mga1
lib(64)exif12-0.6.21-1.mga1
lib(64)exif-devel-0.6.21-1.mga1
Mageia 2:
exif-0.6.21-1.mga2
libexif12-common-0.6.21-1.mga2
lib(64)exif12-0.6.21-1.mga2
lib(64)exif-devel-0.6.21-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845
http://sourceforge.net/mailarchive/message.php?msg_id=29534027
https://bugs.mageia.org/show_bug.cgi?id=6768