Oracle Solaris Third-Party Patch Update : libexif (multiple_vulnerabilities_in_libexif1)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- The exif_entry_get_value function in exif-entry.c in the
EXIF Tag Parsing Library (aka libexif) before 0.6.21
allows remote attackers to cause a denial of service
(out-of-bounds read) or possibly obtain sensitive
information from process memory via crafted EXIF tags in
an image. (CVE-2012-2812)

- The exif_convert_utf16_to_utf8 function in exif-entry.c
in the EXIF Tag Parsing Library (aka libexif) before
0.6.21 allows remote attackers to cause a denial of
service (out-of-bounds read) or possibly obtain
sensitive information from process memory via crafted
EXIF tags in an image. (CVE-2012-2813)

- Buffer overflow in the exif_entry_format_value function
in exif-entry.c in the EXIF Tag Parsing Library (aka
libexif) 0.6.20 allows remote attackers to cause a
denial of service or possibly execute arbitrary code via
crafted EXIF tags in an image. (CVE-2012-2814)

- The exif_data_load_data function in exif-data.c in the
EXIF Tag Parsing Library (aka libexif) before 0.6.21
allows remote attackers to cause a denial of service
(out-of-bounds read) or possibly obtain sensitive
information from process memory via crafted EXIF tags in
an image. (CVE-2012-2836)

- The mnote_olympus_entry_get_value function in
olympus/mnote-olympus-entry.c in the EXIF Tag Parsing
Library (aka libexif) before 0.6.21 allows remote
attackers to cause a denial of service (divide-by-zero
error) via an image with crafted EXIF tags that are not
properly handled during the formatting of EXIF maker
note tags. (CVE-2012-2837)

- Off-by-one error in the exif_convert_utf16_to_utf8
function in exif-entry.c in the EXIF Tag Parsing Library
(aka libexif) before 0.6.21 allows remote attackers to
cause a denial of service or possibly execute arbitrary
code via crafted EXIF tags in an image. (CVE-2012-2840)

- Integer underflow in the exif_entry_get_value function
in exif-entry.c in the EXIF Tag Parsing Library (aka
libexif) 0.6.20 might allow remote attackers to execute
arbitrary code via vectors involving a crafted
buffer-size parameter during the formatting of an EXIF
tag, leading to a heap-based buffer overflow.
(CVE-2012-2841)

- Integer overflow in the jpeg_data_load_data function in
jpeg-data.c in libjpeg in exif 0.6.20 allows remote
attackers to cause a denial of service (buffer over-read
and application crash) or obtain potentially sensitive
information via a crafted JPEG file. (CVE-2012-2845)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?aa73227e

Solution :

Upgrade to Solaris 11/11 SRU 12.4.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Solaris Local Security Checks

Nessus Plugin ID: 80668

CVE ID: CVE-2012-2812
CVE-2012-2813
CVE-2012-2814
CVE-2012-2836
CVE-2012-2837
CVE-2012-2840
CVE-2012-2841
CVE-2012-2845
