Debian DSA-2559-1 : libexif - several vulnerabilities

Severity: High (Nessus Plugin ID 62599)

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities were found in libexif, a library used to parse EXIF metadata in camera files.

- CVE-2012-2812 :
A heap-based out-of-bounds array read in the exif_entry_get_value function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags.

- CVE-2012-2813 :
A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8 function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags.

- CVE-2012-2814 :
A buffer overflow in the exif_entry_format_value function allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags.

- CVE-2012-2836 :
A heap-based out-of-bounds array read in the exif_data_load_data function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags.

- CVE-2012-2837 :
A divide-by-zero error in the mnote_olympus_entry_get_value function while formatting EXIF maker note tags allows remote attackers to cause a denial of service via an image with crafted EXIF tags.

- CVE-2012-2840 :
An off-by-one error in the exif_convert_utf16_to_utf8 function allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags.

- CVE-2012-2841 :
An integer underflow in the exif_entry_get_value function can cause a heap overflow and potentially arbitrary code execution while formatting an EXIF tag, if the function is called with a buffer size parameter equal to zero or one.
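
The CVE-2012-2841 entry above turns on an unsigned buffer-size parameter that is zero or one. The following C code is an added example of that bug class and its guard, not libexif's code or the Debian patch; `usable_len_unchecked`, `format_value_checked` and the sample string are hypothetical names and constructed input.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical formatter, NOT libexif code: "maxlen" is the size of the
 * caller's output buffer, as in the CVE-2012-2841 description. */

/* Unsafe pattern: reserve one byte for the NUL by decrementing an unsigned
 * size. With maxlen == 0 the result wraps to UINT_MAX. Only the arithmetic
 * is shown here; nothing is written to memory. */
unsigned int usable_len_unchecked(unsigned int maxlen)
{
    return maxlen - 1u;
}

/* Hardened form: reject sizes that leave no room before any arithmetic.
 * Returns the number of characters copied, excluding the terminator. */
size_t format_value_checked(const char *src, char *dst, unsigned int maxlen)
{
    if (dst == NULL || maxlen == 0)
        return 0;                       /* no buffer: touch nothing */
    dst[0] = '\0';
    if (src == NULL || maxlen == 1)
        return 0;                       /* room for the terminator only */
    size_t room = (size_t)maxlen - 1;   /* safe: maxlen >= 2 here */
    size_t n = strlen(src);
    if (n > room)
        n = room;                       /* truncate instead of overrunning */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    const char *sample = "Constructed sample value"; /* constructed input */
    char buf[8];
    memset(buf, 'X', sizeof buf);
    printf("unchecked usable length, maxlen=0: %u\n", usable_len_unchecked(0));
    printf("checked copy, maxlen=0: %zu (buf[0] still '%c')\n",
           format_value_checked(sample, buf, 0), buf[0]);
    printf("checked copy, maxlen=1: %zu\n", format_value_checked(sample, buf, 1));
    printf("checked copy, maxlen=8: %zu -> \"%s\"\n",
           format_value_checked(sample, buf, (unsigned int)sizeof buf), buf);
    return 0;
}
```
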

Solution

Upgrade the libexif packages.

For the stable distribution (squeeze), these problems have been fixed in version 0.6.19-1+squeeze1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454

https://security-tracker.debian.org/tracker/CVE-2012-2812

https://security-tracker.debian.org/tracker/CVE-2012-2813

https://security-tracker.debian.org/tracker/CVE-2012-2814

https://security-tracker.debian.org/tracker/CVE-2012-2836

https://security-tracker.debian.org/tracker/CVE-2012-2837

https://security-tracker.debian.org/tracker/CVE-2012-2840

https://security-tracker.debian.org/tracker/CVE-2012-2841

https://packages.debian.org/source/squeeze/libexif

https://www.debian.org/security/2012/dsa-2559

Plugin Details

Severity: High

ID: 62599

File Name: debian_DSA-2559.nasl

Version: 1.12

Type: local

Agent: unix

Published: 10/18/2012

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libexif, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 10/11/2012

Reference Information

CVE: CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841

BID: 54437

DSA: 2559