7.5 - USN-1513-1

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	libexif vulnerabilities

Informations
Name	USN-1513-1	First vendor Publication	2012-07-23
Vendor	Ubuntu	Last vendor Modification	2012-07-23
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS

Summary:

libexif could be made to crash, run programs as your login, or expose sensitive information if it opened a specially crafted file.

Software Description: - libexif: library to parse EXIF files

Details:

Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information. (CVE-2012-2812, CVE-2012-2813)

Yunho Kim discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information. (CVE-2012-2836)

Dan Fandrich discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2012-2840, CVE-2012-2841)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
libexif12 0.6.20-2ubuntu0.1

Ubuntu 11.10:
libexif12 0.6.20-1ubuntu0.1

Ubuntu 11.04:
libexif12 0.6.20-0ubuntu1.1

Ubuntu 10.04 LTS:
libexif12 0.6.19-1ubuntu0.1

Ubuntu 8.04 LTS:
libexif12 0.6.16-2.1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1513-1
CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836,
CVE-2012-2837, CVE-2012-2840, CVE-2012-2841

Package Information:
https://launchpad.net/ubuntu/+source/libexif/0.6.20-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libexif/0.6.20-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libexif/0.6.20-0ubuntu1.1
https://launchpad.net/ubuntu/+source/libexif/0.6.19-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libexif/0.6.16-2.1ubuntu0.2

Original Source

Url : http://www.ubuntu.com/usn/USN-1513-1

CWE : Common Weakness Enumeration

%	Id	Name
57 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
43 %	CWE-189	Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17896

Oval ID:	oval:org.mitre.oval:def:17896
Title:	USN-1513-1 -- libexif vulnerabilities
Description:	libexif could be made to crash, run programs as your login, or expose sensitive information if it opened a specially crafted file.
Family:	unix	Class:	patch
Reference(s):	USN-1513-1 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841	Version:	7
Platform(s):	Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04	Product(s):	libexif
Definition Synopsis:
Release section Ubuntu 12.04 is installed AND libexif12 DPKG is earlier than 0.6.20-2ubuntu0.1 AND Release section Ubuntu 11.10 is installed AND libexif12 DPKG is earlier than 0.6.20-1ubuntu0.1 AND Release section Ubuntu 11.04 is installed AND libexif12 DPKG is earlier than 0.6.20-0ubuntu1.1 AND Release section Ubuntu 10.04 is installed AND libexif12 DPKG is earlier than 0.6.19-1ubuntu0.1 AND Release section Ubuntu 8.04 is installed AND libexif12 DPKG is earlier than 0.6.16-2.1ubuntu0.2

Definition Id: oval:org.mitre.oval:def:18076

Oval ID:	oval:org.mitre.oval:def:18076
Title:	DSA-2559-1 libexif - several
Description:	Several vulnerabilities were found in libexif, a library used to parse EXIF meta-data on camera files.
Family:	unix	Class:	patch
Reference(s):	DSA-2559-1 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841	Version:	7
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	libexif
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND libexif DPKG is earlier than 0.6.19-1+squeeze1

Definition Id: oval:org.mitre.oval:def:20665

Oval ID:	oval:org.mitre.oval:def:20665
Title:	RHSA-2012:1255: libexif security update (Moderate)
Description:	Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1255-01 CESA-2012:1255 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841	Version:	94
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6	Product(s):	libexif
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section libexif-devel is earlier than 0:0.6.21-1.el5_8 AND libexif is earlier than 0:0.6.21-1.el5_8 AND Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section libexif-devel is earlier than 0:0.6.21-5.el6_3 AND libexif is earlier than 0:0.6.21-5.el6_3

Definition Id: oval:org.mitre.oval:def:23353

Oval ID:	oval:org.mitre.oval:def:23353
Title:	DEPRECATED: ELSA-2012:1255: libexif security update (Moderate)
Description:	Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1255-01 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841	Version:	34
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	libexif
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test libexif-devel is earlier than 0:0.6.21-1.el5_8 AND libexif is earlier than 0:0.6.21-1.el5_8 OR rpm test Oracle Linux 6.x AND rpm test libexif-devel is earlier than 0:0.6.21-5.el6_3 AND libexif is earlier than 0:0.6.21-5.el6_3

Definition Id: oval:org.mitre.oval:def:23962

Oval ID:	oval:org.mitre.oval:def:23962
Title:	ELSA-2012:1255: libexif security update (Moderate)
Description:	Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1255-01 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841	Version:	33
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	libexif
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test libexif-devel is earlier than 0:0.6.21-1.el5_8 AND libexif is earlier than 0:0.6.21-1.el5_8 OR rpm test Oracle Linux 6.x AND rpm test libexif-devel is earlier than 0:0.6.21-5.el6_3 AND libexif is earlier than 0:0.6.21-5.el6_3

Definition Id: oval:org.mitre.oval:def:27739

Oval ID:	oval:org.mitre.oval:def:27739
Title:	DEPRECATED: ELSA-2012-1255 -- libexif security update (moderate)
Description:	[0.6.21-5] - Update to version 0.6.21 fixing many bugs and CVEs - Remove upstreamed patches - Resolves: #839915
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1255 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	libexif
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section libexif is earlier than 0:0.6.21-1.el5_8 AND libexif-devel is earlier than 0:0.6.21-1.el5_8 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section libexif is earlier than 0:0.6.21-5.el6_3 AND libexif-devel is earlier than 0:0.6.21-5.el6_3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Libexif Project Libexif cpe:2.3:a:libexif_project:libexif:0.6.20:::::::* cpe:2.3:a:libexif_project:libexif:0.6.19:::::::* cpe:2.3:a:libexif_project:libexif:0.6.18:::::::* cpe:2.3:a:libexif_project:libexif:0.6.16:::::::* cpe:2.3:a:libexif_project:libexif:0.6.15:::::::* cpe:2.3:a:libexif_project:libexif:0.6.14:::::::* cpe:2.3:a:libexif_project:libexif:::::::: cpe:2.3:a:libexif_project:libexif:-:::::::*	8

OpenVAS Exploits

Date	Description
2012-10-22	Name : Debian Security Advisory DSA 2559-1 (libexif) File : nvt/deb_2559_1.nasl
2012-09-17	Name : CentOS Update for libexif CESA-2012:1255 centos5 File : nvt/gb_CESA-2012_1255_libexif_centos5.nasl
2012-09-17	Name : CentOS Update for libexif CESA-2012:1255 centos6 File : nvt/gb_CESA-2012_1255_libexif_centos6.nasl
2012-09-17	Name : RedHat Update for libexif RHSA-2012:1255-01 File : nvt/gb_RHSA-2012_1255-01_libexif.nasl
2012-09-10	Name : Slackware Advisory SSA:2012-200-01 libexif File : nvt/esoft_slk_ssa_2012_200_01.nasl
2012-07-26	Name : Ubuntu Update for libexif USN-1513-1 File : nvt/gb_ubuntu_USN_1513_1.nasl
2012-07-16	Name : Mandriva Update for libexif MDVSA-2012:106 (libexif) File : nvt/gb_mandriva_MDVSA_2012_106.nasl

Nessus® Vulnerability Scanner

Date	Description
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libexif_20130716.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-440.nasl - Type : ACT_GATHER_INFO
2014-01-20	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-10.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-126.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1255.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-035.nasl - Type : ACT_GATHER_INFO
2013-03-15	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d881d25470c611e2862d080027a5ec9a.nasl - Type : ACT_GATHER_INFO
2013-02-08	Name : The remote Fedora host is missing a security update. File : fedora_2013-1244.nasl - Type : ACT_GATHER_INFO
2013-02-08	Name : The remote Fedora host is missing a security update. File : fedora_2013-1257.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libexif-120717.nasl - Type : ACT_GATHER_INFO
2012-10-18	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2559.nasl - Type : ACT_GATHER_INFO
2012-09-12	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1255.nasl - Type : ACT_GATHER_INFO
2012-09-12	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120911_libexif_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-09-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1255.nasl - Type : ACT_GATHER_INFO
2012-09-06	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-106.nasl - Type : ACT_GATHER_INFO
2012-07-24	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1513-1.nasl - Type : ACT_GATHER_INFO
2012-07-19	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-200-01.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:00:28	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	7
Oval ID(s)	6
CPE ID(s)	8
Openvas Exploit(s)	7
Nessus® Exploit(s)	17

	Related
7.5	CVE-2012-2841
7.5	CVE-2012-2840
7.5	CVE-2012-2814
6.4	CVE-2012-2836
6.4	CVE-2012-2813
6.4	CVE-2012-2812
5	CVE-2012-2837
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 7 more Alert(s)