CVE-2012-2813Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Libexif

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents8 sources
Severity
6.4MEDIUMNVD
EPSS
0.9%
top 25.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libexif Project Libexif
Timeline
PublishedJul 13
Latest updateMay 13

Description

The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

Debianlibexif_project/libexif< 0.6.20-3+3

🔴Vulnerability Details

3
GHSA
GHSA-hvfw-p9q6-r9hp: The exif_convert_utf16_to_utf8 function in exif-entry2022-05-13
OSV
CVE-2012-2813: The exif_convert_utf16_to_utf8 function in exif-entry2012-07-13
CVEList
CVE-2012-2813: The exif_convert_utf16_to_utf8 function in exif-entry2012-07-13

📋Vendor Advisories

4
Ubuntu
libexif vulnerabilities2012-07-23
Red Hat
libexif: "exif_convert_utf16_to_utf8()" heap-based out-of-bounds array read2012-07-12
Red Hat
squirrelmail: not fixed in RHSA-2012:01032012-04-20
Debian
CVE-2012-2813: libexif - The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing ...2012

💬Community

4
Bugzilla
CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 CVE-2012-2812 libexif various flaws [fedora-all]2012-07-13
Bugzilla
CVE-2012-2813 libexif: "exif_convert_utf16_to_utf8()" heap-based out-of-bounds array read2012-07-11
Bugzilla
libexif security vulnerabilities2012-07-05
Bugzilla
CVE-2012-2124 squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:01032012-04-20
CVE-2012-2813 — Libexif Project Libexif vulnerability | cvebase