SB2012072524 - Out-of-bounds read in libexif (Alpine package)
Published: July 25, 2012
Security Bulletin ID
SB2012072524
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2012-2813)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library. A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5dea23e076ed7123339473f529d74d8a9362e7c6
- https://git.alpinelinux.org/aports/commit/?id=726529dabef044127d02831c4b26fa6c6fc9d5f5
- https://git.alpinelinux.org/aports/commit/?id=7d1a8137daa5c1f5312ad957dc1857027b8999df
- https://git.alpinelinux.org/aports/commit/?id=9959b863135bbaa1251dbddfa038c9256e155702
- https://git.alpinelinux.org/aports/commit/?id=cc9c8ab403cd5dfa204be58c326dd98d0702d70c
- https://git.alpinelinux.org/aports/commit/?id=06c00380098485f50412c75cbffb75a9764ea549
- https://git.alpinelinux.org/aports/commit/?id=0945eb55f2b2645eda75587579421dcbb93d7006
- https://git.alpinelinux.org/aports/commit/?id=b8e5bb1c9488b158a055c14fb1b78e087cc14e85