1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
PublicDateAtUSN: 2012-07-13
Candidate: CVE-2012-2837
PublicDate: 2012-07-13
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837
http://libexif.sourceforge.net/
http://seclists.org/oss-sec/2012/q3/74
http://www.ubuntu.com/usn/usn-1513-1
Description:
The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c
in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote
attackers to cause a denial of service (divide-by-zero error) via an image
with crafted EXIF tags that are not properly handled during the formatting
of EXIF maker note tags.
Ubuntu-Description:
Notes:
Bugs:
https://bugzilla.novell.com/show_bug.cgi?id=771229
https://bugs.launchpad.net/ubuntu/+source/libexif/+bug/1024213
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454
http://sourceforge.net/tracker/?func=detail&aid=3434545&group_id=12272&atid=112272
Priority: low
Discovered-by: Yunho Kim
Assigned-to: mdeslaur
Patches_libexif:
vendor: https://bugzilla.novell.com/attachment.cgi?id=498460
upstream: http://libexif.cvs.sourceforge.net/viewvc/libexif/libexif/libexif/olympus/mnote-olympus-entry.c?r1=1.54&r2=1.55&view=patch
upstream_libexif: released (0.6.20-3,0.6.21)
hardy_libexif: released (0.6.16-2.1ubuntu0.2)
lucid_libexif: released (0.6.19-1ubuntu0.1)
natty_libexif: released (0.6.20-0ubuntu1.1)
oneiric_libexif: released (0.6.20-1ubuntu0.1)
precise_libexif: released (0.6.20-2ubuntu0.1)
devel_libexif: not-affected (0.6.20-3)
|