CVE-2012-2841
published 2012-07-13CVE-2012-2841: Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libexif | < libexif 0.6.20-3 (bookworm) | libexif 0.6.20-3 (bookworm) |
| libexif_project | libexif | — | — |
| libexif_project | libexif | >= 0 < 0.6.20-3 | 0.6.20-3 |
| libexif_project | libexif | >= 0 < 0.6.20-3 | 0.6.20-3 |
| libexif_project | libexif | >= 0 < 0.6.20-3 | 0.6.20-3 |
| libexif_project | libexif | >= 0 < 0.6.20-3 | 0.6.20-3 |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH