Buffer overflow in libexif (Alpine package)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2012-2814 |
| CWE-ID | CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
libexif (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU1477
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2012-2814
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing images in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library. A remote attacker can create crafted EXIF tags in an image, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionslibexif (Alpine package): 0.6.17-r0 - 0.6.20-r1
CPE2.3- cpe:2.3:o:alpine:libexif_alpine_package:0.6.17-r0:*:*:*:*:alpine_linux:*:1.9
- cpe:2.3:o:alpine:libexif_alpine_package:0.6.19-r0:*:*:*:*:alpine_linux:*:1.10
- cpe:2.3:o:alpine:libexif_alpine_package:0.6.19-r3:*:*:*:*:alpine_linux:*:2.0
https://git.alpinelinux.org/aports/commit/?id=5dea23e076ed7123339473f529d74d8a9362e7c6
https://git.alpinelinux.org/aports/commit/?id=726529dabef044127d02831c4b26fa6c6fc9d5f5
https://git.alpinelinux.org/aports/commit/?id=7d1a8137daa5c1f5312ad957dc1857027b8999df
https://git.alpinelinux.org/aports/commit/?id=9959b863135bbaa1251dbddfa038c9256e155702
https://git.alpinelinux.org/aports/commit/?id=cc9c8ab403cd5dfa204be58c326dd98d0702d70c
https://git.alpinelinux.org/aports/commit/?id=06c00380098485f50412c75cbffb75a9764ea549
https://git.alpinelinux.org/aports/commit/?id=0945eb55f2b2645eda75587579421dcbb93d7006
https://git.alpinelinux.org/aports/commit/?id=b8e5bb1c9488b158a055c14fb1b78e087cc14e85
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
