CVE-2012-2837 — Project Libexif vulnerability

CWE-18910 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
1.3%
top 20.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libexif Project Libexif
Timeline
PublishedJul 13
Latest updateMay 13

Description

The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

â–¶Debianlibexif_project/libexif< 0.6.20-3+3
â–¶NVDlibexif_project/libexif0.6.20+5

🔴Vulnerability Details

3
GHSA
GHSA-365p-hvj9-f68w: The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry↗2022-05-13
â–¶
OSV
CVE-2012-2837: The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry↗2012-07-13
â–¶
CVEList
CVE-2012-2837: The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry↗2012-07-13
â–¶

📋Vendor Advisories

3
Ubuntu
libexif vulnerabilities↗2012-07-23
â–¶
Red Hat
libexif: "mnote_olympus_entry_get_value()" division by zero↗2012-07-12
â–¶
Debian
CVE-2012-2837: libexif - The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in t...↗2012
â–¶

💬Community

3
Bugzilla
CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 CVE-2012-2812 libexif various flaws [fedora-all]↗2012-07-13
â–¶
Bugzilla
CVE-2012-2837 libexif: "mnote_olympus_entry_get_value()" division by zero↗2012-07-11
â–¶
Bugzilla
libexif security vulnerabilities↗2012-07-05
â–¶
CVE-2012-2837 — Libexif Project Libexif vulnerability | cvebase