Main Vulnerability Database Vulnerabilities #VU1477

Buffer overflow in libexif - CVE-2012-2814

Published: December 21, 2016 / Updated: July 26, 2020

Vulnerability identifier: #VU1477

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2012-2814

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: libexif.sourceforge.net

Affected software:
libexif

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing images in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library. A remote attacker can create crafted EXIF tags in an image, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2012-2814

Install update from vendor's website.

Sources

http://sourceforge.net/mailarchive/message.php?msg_id=29534027

Buffer overflow in libexif - CVE-2012-2814

Detailed vulnerability description

How to mitigate CVE-2012-2814

Sources

Please verify you're human