CVE-2012-2840Off-by-one Error in Project Libexif

CWE-189CWE-193Off-by-one Error10 documents8 sources
Severity
7.5HIGHNVD
EPSS
2.2%
top 15.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libexif Project Libexif
Timeline
PublishedJul 13
Latest updateMay 13

Description

Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debianlibexif_project/libexif< 0.6.20-3+3

🔴Vulnerability Details

3
GHSA
GHSA-7r47-9m3f-8mp5: Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry2022-05-13
OSV
CVE-2012-2840: Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry2012-07-13
CVEList
CVE-2012-2840: Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry2012-07-13

📋Vendor Advisories

3
Ubuntu
libexif vulnerabilities2012-07-23
Red Hat
libexif: "exif_convert_utf16_to_utf8()" off-by-one2012-07-12
Debian
CVE-2012-2840: libexif - Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in t...2012

💬Community

3
Bugzilla
CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 CVE-2012-2812 libexif various flaws [fedora-all]2012-07-13
Bugzilla
CVE-2012-2840 libexif: "exif_convert_utf16_to_utf8()" off-by-one2012-07-11
Bugzilla
libexif security vulnerabilities2012-07-05
CVE-2012-2840 — Off-by-one Error in Project Libexif | cvebase