Executive Summary
Summary | |
---|---|
Title | libexif security update |
Informations | |||
---|---|---|---|
Name | RHSA-2012:1255 | First vendor Publication | 2012-09-11 |
Vendor | RedHat | Last vendor Modification | 2012-09-11 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated libexif packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The libexif packages provide an Exchangeable image file format (Exif) library. Exif allows metadata to be added to and read from certain types of image files. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841) Red Hat would like to thank Dan Fandrich for reporting these issues. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter of CVE-2012-2812, CVE-2012-2813, and CVE-2012-2814; and Yunho Kim as the original reporter of CVE-2012-2836 and CVE-2012-2837. Users of libexif are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libexif must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 839182 - CVE-2012-2813 libexif: "exif_convert_utf16_to_utf8()" heap-based out-of-bounds array read 839183 - CVE-2012-2814 libexif: "exif_entry_format_value()" buffer overflow 839184 - CVE-2012-2836 libexif: "exif_data_load_data()" heap-based out-of-bounds array read 839185 - CVE-2012-2837 libexif: "mnote_olympus_entry_get_value()" division by zero 839188 - CVE-2012-2840 libexif: "exif_convert_utf16_to_utf8()" off-by-one 839189 - CVE-2012-2841 libexif: "exif_entry_get_value()" integer underflow 839203 - CVE-2012-2812 libexif: "exif_entry_get_value()" heap-based out-of-bounds array read |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2012-1255.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
57 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
43 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17896 | |||
Oval ID: | oval:org.mitre.oval:def:17896 | ||
Title: | USN-1513-1 -- libexif vulnerabilities | ||
Description: | libexif could be made to crash, run programs as your login, or expose sensitive information if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1513-1 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 | Version: | 7 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | libexif |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18076 | |||
Oval ID: | oval:org.mitre.oval:def:18076 | ||
Title: | DSA-2559-1 libexif - several | ||
Description: | Several vulnerabilities were found in libexif, a library used to parse EXIF meta-data on camera files. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2559-1 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libexif |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20665 | |||
Oval ID: | oval:org.mitre.oval:def:20665 | ||
Title: | RHSA-2012:1255: libexif security update (Moderate) | ||
Description: | Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1255-01 CESA-2012:1255 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 | Version: | 94 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | libexif |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23353 | |||
Oval ID: | oval:org.mitre.oval:def:23353 | ||
Title: | DEPRECATED: ELSA-2012:1255: libexif security update (Moderate) | ||
Description: | Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1255-01 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 | Version: | 34 |
Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | libexif |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23962 | |||
Oval ID: | oval:org.mitre.oval:def:23962 | ||
Title: | ELSA-2012:1255: libexif security update (Moderate) | ||
Description: | Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1255-01 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 | Version: | 33 |
Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | libexif |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27739 | |||
Oval ID: | oval:org.mitre.oval:def:27739 | ||
Title: | DEPRECATED: ELSA-2012-1255 -- libexif security update (moderate) | ||
Description: | [0.6.21-5] - Update to version 0.6.21 fixing many bugs and CVEs - Remove upstreamed patches - Resolves: #839915 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-1255 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libexif |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-22 | Name : Debian Security Advisory DSA 2559-1 (libexif) File : nvt/deb_2559_1.nasl |
2012-09-17 | Name : CentOS Update for libexif CESA-2012:1255 centos5 File : nvt/gb_CESA-2012_1255_libexif_centos5.nasl |
2012-09-17 | Name : CentOS Update for libexif CESA-2012:1255 centos6 File : nvt/gb_CESA-2012_1255_libexif_centos6.nasl |
2012-09-17 | Name : RedHat Update for libexif RHSA-2012:1255-01 File : nvt/gb_RHSA-2012_1255-01_libexif.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2012-200-01 libexif File : nvt/esoft_slk_ssa_2012_200_01.nasl |
2012-07-26 | Name : Ubuntu Update for libexif USN-1513-1 File : nvt/gb_ubuntu_USN_1513_1.nasl |
2012-07-16 | Name : Mandriva Update for libexif MDVSA-2012:106 (libexif) File : nvt/gb_mandriva_MDVSA_2012_106.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libexif_20130716.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-440.nasl - Type : ACT_GATHER_INFO |
2014-01-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-10.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-126.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1255.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-035.nasl - Type : ACT_GATHER_INFO |
2013-03-15 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d881d25470c611e2862d080027a5ec9a.nasl - Type : ACT_GATHER_INFO |
2013-02-08 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1244.nasl - Type : ACT_GATHER_INFO |
2013-02-08 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1257.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libexif-120717.nasl - Type : ACT_GATHER_INFO |
2012-10-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2559.nasl - Type : ACT_GATHER_INFO |
2012-09-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1255.nasl - Type : ACT_GATHER_INFO |
2012-09-12 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120911_libexif_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-09-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1255.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-106.nasl - Type : ACT_GATHER_INFO |
2012-07-24 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1513-1.nasl - Type : ACT_GATHER_INFO |
2012-07-19 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-200-01.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:56:20 |
|