Red.Hat.Update.for.libexif.RHSA-2012-1255
Description
The libexif packages provide an Exchangeable image file format (Exif) library. Exif allows metadata to be added to and read from certain types of image files.
The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. (CVE-2012-2812)
The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. (CVE-2012-2813)
Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. (CVE-2012-2814)
The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. (CVE-2012-2836)
The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags. (CVE-2012-2837)
Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. (CVE-2012-2840)
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. (CVE-2012-2841)
Affected Products
RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
Oracle Linux 6
Oracle Linux 5
CentOS 5
CentOS 6
Impact
These vulnerabilities could allow attackers to gain partial access to sensitive information, modify some content or configuration, or interrupt resource availability, causing a limited denial of service on the affected system.
Recommended Actions
Please download and apply patches as instructed in:
https://oss.oracle.com/pipermail/el-errata/2012-September/003016.html
https://oss.oracle.com/pipermail/el-errata/2012-September/003018.html
http://rhn.redhat.com/errata/RHSA-2012-1255.html
http://lists.centos.org/pipermail/centos-announce/2012-September/018861.html
http://lists.centos.org/pipermail/centos-announce/2012-September/018863.html
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) | |