SB2012072527 - Division by zero in libexif (Alpine package)
Published: July 25, 2012
Security Bulletin ID
SB2012072527
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Division by zero (CVE-ID: CVE-2012-2837)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to divide-by-zero error within the mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library. A remote attacker can perform a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5dea23e076ed7123339473f529d74d8a9362e7c6
- https://git.alpinelinux.org/aports/commit/?id=726529dabef044127d02831c4b26fa6c6fc9d5f5
- https://git.alpinelinux.org/aports/commit/?id=7d1a8137daa5c1f5312ad957dc1857027b8999df
- https://git.alpinelinux.org/aports/commit/?id=9959b863135bbaa1251dbddfa038c9256e155702
- https://git.alpinelinux.org/aports/commit/?id=cc9c8ab403cd5dfa204be58c326dd98d0702d70c
- https://git.alpinelinux.org/aports/commit/?id=06c00380098485f50412c75cbffb75a9764ea549
- https://git.alpinelinux.org/aports/commit/?id=0945eb55f2b2645eda75587579421dcbb93d7006
- https://git.alpinelinux.org/aports/commit/?id=b8e5bb1c9488b158a055c14fb1b78e087cc14e85