Executive Summary
Summary | |
---|---|
Title | libexif, exif: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201401-10 | First vendor Publication | 2014-01-19 |
Vendor | Gentoo | Last vendor Modification | 2014-01-19 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities have been found in libexif and exif, some of which may allow execution of arbitrary code. Background Description Impact Workaround Resolution Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. All exif users should upgrade to the latest version: References Availability http://security.gentoo.org/glsa/glsa-201401-10.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201401-10.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17896 | |||
Oval ID: | oval:org.mitre.oval:def:17896 | ||
Title: | USN-1513-1 -- libexif vulnerabilities | ||
Description: | libexif could be made to crash, run programs as your login, or expose sensitive information if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1513-1 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 | Version: | 7 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | libexif |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18076 | |||
Oval ID: | oval:org.mitre.oval:def:18076 | ||
Title: | DSA-2559-1 libexif - several | ||
Description: | Several vulnerabilities were found in libexif, a library used to parse EXIF meta-data on camera files. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2559-1 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libexif |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20665 | |||
Oval ID: | oval:org.mitre.oval:def:20665 | ||
Title: | RHSA-2012:1255: libexif security update (Moderate) | ||
Description: | Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1255-01 CESA-2012:1255 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 | Version: | 94 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | libexif |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23353 | |||
Oval ID: | oval:org.mitre.oval:def:23353 | ||
Title: | DEPRECATED: ELSA-2012:1255: libexif security update (Moderate) | ||
Description: | Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1255-01 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 | Version: | 34 |
Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | libexif |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23962 | |||
Oval ID: | oval:org.mitre.oval:def:23962 | ||
Title: | ELSA-2012:1255: libexif security update (Moderate) | ||
Description: | Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1255-01 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 | Version: | 33 |
Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | libexif |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27739 | |||
Oval ID: | oval:org.mitre.oval:def:27739 | ||
Title: | DEPRECATED: ELSA-2012-1255 -- libexif security update (moderate) | ||
Description: | [0.6.21-5] - Update to version 0.6.21 fixing many bugs and CVEs - Remove upstreamed patches - Resolves: #839915 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-1255 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libexif |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-22 | Name : Debian Security Advisory DSA 2559-1 (libexif) File : nvt/deb_2559_1.nasl |
2012-09-17 | Name : CentOS Update for libexif CESA-2012:1255 centos5 File : nvt/gb_CESA-2012_1255_libexif_centos5.nasl |
2012-09-17 | Name : CentOS Update for libexif CESA-2012:1255 centos6 File : nvt/gb_CESA-2012_1255_libexif_centos6.nasl |
2012-09-17 | Name : RedHat Update for libexif RHSA-2012:1255-01 File : nvt/gb_RHSA-2012_1255-01_libexif.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2012-200-01 libexif File : nvt/esoft_slk_ssa_2012_200_01.nasl |
2012-08-30 | Name : Fedora Update for exif FEDORA-2012-10854 File : nvt/gb_fedora_2012_10854_exif_fc17.nasl |
2012-07-30 | Name : Fedora Update for exif FEDORA-2012-10819 File : nvt/gb_fedora_2012_10819_exif_fc16.nasl |
2012-07-26 | Name : Ubuntu Update for libexif USN-1513-1 File : nvt/gb_ubuntu_USN_1513_1.nasl |
2012-07-16 | Name : Mandriva Update for libexif MDVSA-2012:106 (libexif) File : nvt/gb_mandriva_MDVSA_2012_106.nasl |
2012-07-16 | Name : Mandriva Update for exif MDVSA-2012:107 (exif) File : nvt/gb_mandriva_MDVSA_2012_107.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libexif_20130716.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-440.nasl - Type : ACT_GATHER_INFO |
2014-01-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-10.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-126.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1255.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-035.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2013-036.nasl - Type : ACT_GATHER_INFO |
2013-03-15 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d881d25470c611e2862d080027a5ec9a.nasl - Type : ACT_GATHER_INFO |
2013-02-08 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1244.nasl - Type : ACT_GATHER_INFO |
2013-02-08 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1257.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libexif-120717.nasl - Type : ACT_GATHER_INFO |
2012-10-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2559.nasl - Type : ACT_GATHER_INFO |
2012-09-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1255.nasl - Type : ACT_GATHER_INFO |
2012-09-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1255.nasl - Type : ACT_GATHER_INFO |
2012-09-12 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120911_libexif_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-106.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2012-107.nasl - Type : ACT_GATHER_INFO |
2012-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-10854.nasl - Type : ACT_GATHER_INFO |
2012-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-10819.nasl - Type : ACT_GATHER_INFO |
2012-07-24 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1513-1.nasl - Type : ACT_GATHER_INFO |
2012-07-19 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-200-01.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:38:02 |
|
2014-01-19 17:18:11 |
|