Skip to main content

Libexif CVE-2012-2836

MEDIUM
Buffer Overflow (CWE-119)
2012-07-13 chrome-cve-admin@google.com
6.4
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Jul 13, 2012 - 10:34 cve.org
MEDIUM 6.4

DescriptionCVE.org

The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.

AnalysisAI

The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. Affected products include: Libexif Project Libexif. Version information: before 0.6.21.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2017-7544 CRITICAL POC
9.1 Sep 21

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in l

CVE-2020-13112 CRITICAL
9.1 May 21

An issue was discovered in libexif before 0.6.22. Rated critical severity (CVSS 9.1), this vulnerability is remotely exp

CVE-2012-2841 HIGH
7.5 Jul 13

Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6

CVE-2012-2814 HIGH
7.5 Jul 13

Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.

CVE-2020-13113 HIGH
8.2 May 21

An issue was discovered in libexif before 0.6.22. Rated high severity (CVSS 8.2), this vulnerability is remotely exploit

CVE-2012-2840 HIGH
7.5 Jul 13

Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif

CVE-2020-0198 HIGH
7.5 Jun 11

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. Rated high se

CVE-2020-0181 HIGH
7.5 Jun 11

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. Rated

CVE-2020-13114 HIGH
7.5 May 21

An issue was discovered in libexif before 0.6.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploit

CVE-2026-32775 HIGH
7.4 Mar 16

Integer underflow in libexif 0.6.25 and earlier allows local attackers to overwrite memory via crafted MakerNote EXIF da

CVE-2012-2812 MEDIUM
6.4 Jul 13

The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows rem

CVE-2012-2813 MEDIUM
6.4 Jul 13

The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allo

Share

CVE-2012-2836 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy