libexif-0.6.21-5.AXS4
エラータID: AXSA:2012-974:01
Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags.
Security issues fixed with this release:
• CVE-2012-2812
The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
• CVE-2012-2813
The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
• CVE-2012-2814
Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
• CVE-2012-2836
The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
• CVE-2012-2837
The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.
• CVE-2012-2840
Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
• CVE-2012-2841
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
Update packages.
The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.
Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
N/A
SRPMS
- libdvdread-4.1.4-0.3.svn1183.AXS4.src.rpm
MD5: 563cadcb066a7c827ccd38ac1d6ea201
SHA-256: 0d42584be614b2d29e8014dd352f857fd63942906e3bdc79575edf3425107be7
Size: 105.58 kB - libexif-0.6.21-5.AXS4.src.rpm
MD5: 86605e63195608c6390c9d5389b48333
SHA-256: 12ace2a53af81c63bb572e493817381dd49e0d26415e663f66ab5e9c6cf2c22c
Size: 1.48 MB
Asianux Server 4 for x86
- libdvdread-4.1.4-0.3.svn1183.AXS4.i686.rpm
MD5: 0d5fe0c41368fb4821a1c7811c4e12bc
SHA-256: bcef359aae7690e7a175553199aec7347c5fad80ae06f1fe594034cca15cdb52
Size: 62.67 kB - libexif-0.6.21-5.AXS4.i686.rpm
MD5: a736f8baa97d9da638508c81a2c1b499
SHA-256: 478747d5e538c4bb4a2814848098ed5acd75f8b7846125d57d2d280bfc196763
Size: 347.06 kB - libexif-devel-0.6.21-5.AXS4.i686.rpm
MD5: 8870d1fc1c77848bc37c5d31397119ec
SHA-256: 0bd913e3fa8eda679470f5bc1acd7174b9657861586ef7cb59c4c831419ba12f
Size: 78.89 kB
Asianux Server 4 for x86_64
- libdvdread-4.1.4-0.3.svn1183.AXS4.x86_64.rpm
MD5: 1ccf9c6a9b8f2d9fa102ba10de6f5ecc
SHA-256: aafccda4b8b83beea75e4926097cfd1cb4f231ca54e85269daadfb264f31c731
Size: 61.73 kB - libexif-0.6.21-5.AXS4.x86_64.rpm
MD5: 47ab69ea5254bf90d0b68a541beb6dd6
SHA-256: 412bb4f254d6de262b963020d2fe1bcc3ff476ff023967cf0188556b1c9f7d00
Size: 349.41 kB - libexif-devel-0.6.21-5.AXS4.x86_64.rpm
MD5: 4f863119df6387be2abca312f5d6f060
SHA-256: 42bb064d977cf14f5580c928feca3160513f25949d30d203b37c2a76e8a5a529
Size: 78.44 kB - libexif-0.6.21-5.AXS4.i686.rpm
MD5: a736f8baa97d9da638508c81a2c1b499
SHA-256: 478747d5e538c4bb4a2814848098ed5acd75f8b7846125d57d2d280bfc196763
Size: 347.06 kB - libexif-devel-0.6.21-5.AXS4.i686.rpm
MD5: 8870d1fc1c77848bc37c5d31397119ec
SHA-256: 0bd913e3fa8eda679470f5bc1acd7174b9657861586ef7cb59c4c831419ba12f
Size: 78.89 kB
日本語