CVE-2012-2845 — Integer Overflow or Wraparound in Exif

CWE-189 CWE-190 — Integer Overflow or Wraparound8 documents6 sources

Severity

6.4MEDIUMNVD

EPSS

0.7%

top 27.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exif Debian Exif Curtis Galloway Exif

Timeline

PublishedJul 13

Latest updateMay 17

Description

Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/exif< exif 0.6.20-2 (bookworm)

▶Debianexif/exif< 0.6.20-2+3

▶NVDcurtis_galloway/exif0.6.20

🔴Vulnerability Details

GHSA

GHSA-f92q-2q89-r8mx: Integer overflow in the jpeg_data_load_data function in jpeg-data↗2022-05-17

▶

OSV

CVE-2012-2845: Integer overflow in the jpeg_data_load_data function in jpeg-data↗2012-07-13

▶

📋Vendor Advisories

Red Hat

exif: Integer overflow, leading to DoS (buffer over-read and application crash) in jpeg_data_load_data routine↗2012-07-12

▶

Debian

CVE-2012-2845: exif - Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg i...↗2012

▶

💬Community

Bugzilla

CVE-2012-2845 exif: Integer overflow, leading to DoS (buffer over-read and application crash) in jpeg_data_load_data routine↗2012-07-13

▶

Bugzilla

CVE-2012-2845 exif: Integer overflow, leading to DoS (buffer over-read and application crash) in jpeg_data_load_data routine [fedora-all]↗2012-07-13

▶

Bugzilla

libexif security vulnerabilities↗2012-07-05

▶