Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libexif vulnerabilities (USN-1513-1)

Ubuntu Security Notice (C) 2012-2016 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Mateusz Jurczyk discovered that libexif incorrectly parsed certain
malformed EXIF tags. If a user or automated system were tricked into
processing a specially crafted image file, an attacker could cause
libexif to crash, leading to a denial of service, or possibly obtain
sensitive information. (CVE-2012-2812, CVE-2012-2813)

Mateusz Jurczyk discovered that libexif incorrectly parsed certain
malformed EXIF tags. If a user or automated system were tricked into
processing a specially crafted image file, an attacker could cause
libexif to crash, leading to a denial of service, or possibly execute
arbitrary code. (CVE-2012-2814)

Yunho Kim discovered that libexif incorrectly parsed certain malformed
EXIF tags. If a user or automated system were tricked into processing
a specially crafted image file, an attacker could cause libexif to
crash, leading to a denial of service, or possibly obtain sensitive
information. (CVE-2012-2836)

Yunho Kim discovered that libexif incorrectly parsed certain malformed
EXIF tags. If a user or automated system were tricked into processing
a specially crafted image file, an attacker could cause libexif to
crash, leading to a denial of service. (CVE-2012-2837)

Dan Fandrich discovered that libexif incorrectly parsed certain
malformed EXIF tags. If a user or automated system were tricked into
processing a specially crafted image file, an attacker could cause
libexif to crash, leading to a denial of service, or possibly execute
arbitrary code. (CVE-2012-2840, CVE-2012-2841)

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected libexif12 package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 60105

Bugtraq ID: 54437

CVE ID: CVE-2012-2812
CVE-2012-2813
CVE-2012-2814
CVE-2012-2836
CVE-2012-2837
CVE-2012-2840
CVE-2012-2841
