Lucene search
HistoryJul 13, 2012 - 10:34 a.m.
CVE-2012-2840
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.088
Percentile
94.6%
Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
Affected configurations
Node
libexif_projectlibexifRange≤0.6.20
ORlibexif_projectlibexifMatch0.6.14
ORlibexif_projectlibexifMatch0.6.15
ORlibexif_projectlibexifMatch0.6.16
ORlibexif_projectlibexifMatch0.6.18
ORlibexif_projectlibexifMatch0.6.19
| Vendor | Product | Version | CPE |
|---|---|---|---|
| libexif_project | libexif | * | cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:* |
| libexif_project | libexif | 0.6.14 | cpe:2.3:a:libexif_project:libexif:0.6.14:*:*:*:*:*:*:* |
| libexif_project | libexif | 0.6.15 | cpe:2.3:a:libexif_project:libexif:0.6.15:*:*:*:*:*:*:* |
| libexif_project | libexif | 0.6.16 | cpe:2.3:a:libexif_project:libexif:0.6.16:*:*:*:*:*:*:* |
| libexif_project | libexif | 0.6.18 | cpe:2.3:a:libexif_project:libexif:0.6.18:*:*:*:*:*:*:* |
| libexif_project | libexif | 0.6.19 | cpe:2.3:a:libexif_project:libexif:0.6.19:*:*:*:*:*:*:* |
Related
alpinelinux
alpinelinux
CVE-2012-2840
2012-07-13 10:34:59
cvelist
cvelist
CVE-2012-2840
2012-07-13 10:00:00
osv
osv
CVE-2012-2840
2012-07-13 10:34:00
libexif-devel-0.6.21-10.8 on GA media
2024-06-15 00:00:00
libexif - several
2012-10-11 00:00:00
prion
prion
Code injection
2012-07-13 10:34:00
cve
cve
CVE-2012-2840
2012-07-13 10:34:59
ubuntucve
ubuntucve
CVE-2012-2840
2012-07-13 00:00:00
debiancve
debiancve
CVE-2012-2840
2012-07-13 10:34:59
debian
debian
[SECURITY] [DSA 2559-1] libexif security update
2012-10-17 18:45:06
openvas
openvas
Oracle: Security Advisory (ELSA-2012-1255)
2015-10-06 00:00:00
RedHat Update for libexif RHSA-2012:1255-01
2012-09-17 00:00:00
Debian Security Advisory DSA 2559-1 (libexif)
2012-10-22 00:00:00
oraclelinux
oraclelinux
libexif security update
2012-09-11 00:00:00
securityvulns
securityvulns
[ MDVSA-2012:106 ] libexif
2012-07-16 00:00:00
libexif / exif multiple security vulnerabilities
2012-07-23 00:00:00
libexif project security advisory July 12, 2012
2012-07-23 00:00:00
amazon
amazon
Medium: libexif
2012-09-22 21:36:00
nessus
nessus
Oracle Linux 5 / 6 : libexif (ELSA-2012-1255)
2013-07-12 00:00:00
Debian DSA-2559-1 : libexif - several vulnerabilities
2012-10-18 00:00:00
Fedora 17 : libexif-0.6.21-2.fc17 (2013-1244)
2013-02-08 00:00:00
centos
centos
libexif security update
2012-09-11 18:50:44
suse
suse
Security update for libexif (important)
2012-07-23 19:08:44
veracode
veracode
Heap-Based Buffer Overflow
2019-05-02 04:43:08
Arbitrary Code Execution And Denial Of Service (DoS)
2019-05-02 04:43:08
Denial Of Service (DoS)
2019-05-02 04:43:08
redhat
redhat
(RHSA-2012:1255) Moderate: libexif security update
2012-09-11 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: libexif-0.6.21-2.fc16
2013-02-08 02:14:42
[SECURITY] Fedora 17 Update: libexif-0.6.21-2.fc17
2013-02-08 02:34:57
ubuntu
ubuntu
libexif vulnerabilities
2012-07-23 00:00:00
gentoo
gentoo
libexif, exif: Multiple vulnerabilities
2014-01-19 00:00:00
freebsd
freebsd
libexif -- multiple remote vulnerabilities
2012-07-12 00:00:00
slackware
slackware
[slackware-security] libexif
2012-07-18 17:04:40
altlinux
altlinux
Security fix for the ALT Linux 7 package libexif version 0.6.21-alt1
2012-10-27 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.088
Percentile
94.6%
Related for NVD:CVE-2012-2840