Vulnerability-Lookup

CVE-2012-2841 (GCVE-0-2012-2841)

Vulnerability from cvelistv5 – Published: 2012-07-13 10:00 – Updated: 2024-08-06 19:42

Summary

Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.

Severity

No CVSS data available.

CWE

Assigner

Chrome

References

8 references

URL	Tags
http://www.securityfocus.com/bid/54437	vdb-entryx_refsource_BID
http://www.debian.org/security/2012/dsa-2559	vendor-advisoryx_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://sourceforge.net/mailarchive/message.php?ms…	mailing-listx_refsource_MLIST
http://secunia.com/advisories/49988	third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-1255.html	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1513-1	vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Date Public

2012-07-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:42:32.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "54437",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54437"
          },
          {
            "name": "DSA-2559",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2559"
          },
          {
            "name": "SUSE-SU-2012:0903",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html"
          },
          {
            "name": "[libexif-devel] 20120712 libexif project security advisory July 12, 2012",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027"
          },
          {
            "name": "49988",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49988"
          },
          {
            "name": "RHSA-2012:1255",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html"
          },
          {
            "name": "USN-1513-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1513-1"
          },
          {
            "name": "SUSE-SU-2012:0902",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "name": "54437",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54437"
        },
        {
          "name": "DSA-2559",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2559"
        },
        {
          "name": "SUSE-SU-2012:0903",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html"
        },
        {
          "name": "[libexif-devel] 20120712 libexif project security advisory July 12, 2012",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027"
        },
        {
          "name": "49988",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49988"
        },
        {
          "name": "RHSA-2012:1255",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html"
        },
        {
          "name": "USN-1513-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1513-1"
        },
        {
          "name": "SUSE-SU-2012:0902",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2012-2841",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "54437",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54437"
            },
            {
              "name": "DSA-2559",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2559"
            },
            {
              "name": "SUSE-SU-2012:0903",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html"
            },
            {
              "name": "[libexif-devel] 20120712 libexif project security advisory July 12, 2012",
              "refsource": "MLIST",
              "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027"
            },
            {
              "name": "49988",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49988"
            },
            {
              "name": "RHSA-2012:1255",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html"
            },
            {
              "name": "USN-1513-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1513-1"
            },
            {
              "name": "SUSE-SU-2012:0902",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2012-2841",
    "datePublished": "2012-07-13T10:00:00.000Z",
    "dateReserved": "2012-05-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T19:42:32.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2012-2841",
      "date": "2026-06-05",
      "epss": "0.04256",
      "percentile": "0.89015"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-2841\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2012-07-13T10:34:59.593\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de enteros en la funci\u00f3n exif_entry_get_value en Exif-entry.c en la biblioteca EXIF Tag Parsing Library (tambi\u00e9n conocida como libexif) v0.6.20 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con par\u00e1metro \\\"buffer-size\\\" modificado a mano durante el formateo de una etiqueta EXIF, dando lugar a un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexif_project:libexif:0.6.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F067C873-83E4-4094-A899-938E6122E926\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1255.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://secunia.com/advisories/49988\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://sourceforge.net/mailarchive/message.php?msg_id=29534027\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2559\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/54437\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1513-1\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1255.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/49988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/mailarchive/message.php?msg_id=29534027\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/54437\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1513-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

BDU:2015-04367

Vulnerability from fstec - Published: None

Title

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Description

Множественные уязвимости пакета libexif операционной системы SUSE Linux Enterprise, эксплуатация которых может привести к нарушению конфиденциальности, целостности и доступности защищаемой информации. Эксплуатация уязвимостей может быть осуществлена удаленно

Severity

Vendor

Novell Inc.

Software Name

SUSE Linux Enterprise

Software Version

Server 11 SP2 (SUSE Linux Enterprise), Desktop 11 SP2 (SUSE Linux Enterprise), Server 11 SP1 (SUSE Linux Enterprise), Desktop 11 SP1 (SUSE Linux Enterprise)

Possible Mitigations

Установка обновления в соответствии с инструкцией по безопасности, доступной по адресу: http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "Server 11 SP2 (SUSE Linux Enterprise), Desktop 11 SP2 (SUSE Linux Enterprise), Server 11 SP1 (SUSE Linux Enterprise), Desktop 11 SP1 (SUSE Linux Enterprise)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0435\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443: http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": null,
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.04.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-04367",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SUSE Linux Enterprise",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b SUSE Linux Enterprise, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0430\u043a\u0435\u0442\u0430 libexif \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b SUSE Linux Enterprise, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044e \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

BDU:2015-04368

Vulnerability from fstec - Published: None

Title

Description

Множественные уязвимости пакета libexif-32bit операционной системы SUSE Linux Enterprise, эксплуатация которых может привести к нарушению конфиденциальности, целостности и доступности защищаемой информации. Эксплуатация уязвимостей может быть осуществлена удаленно

Severity

Vendor

Novell Inc.

Software Name

SUSE Linux Enterprise

Software Version

Server 11 SP2 (SUSE Linux Enterprise), Desktop 11 SP2 (SUSE Linux Enterprise), Server 11 SP1 (SUSE Linux Enterprise), Desktop 11 SP1 (SUSE Linux Enterprise)

Possible Mitigations

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "Server 11 SP2 (SUSE Linux Enterprise), Desktop 11 SP2 (SUSE Linux Enterprise), Server 11 SP1 (SUSE Linux Enterprise), Desktop 11 SP1 (SUSE Linux Enterprise)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0435\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443: http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": null,
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.04.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-04368",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SUSE Linux Enterprise",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b SUSE Linux Enterprise, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0430\u043a\u0435\u0442\u0430 libexif-32bit \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b SUSE Linux Enterprise, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044e \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

BDU:2015-04369

Vulnerability from fstec - Published: None

Title

Description

Множественные уязвимости пакета libexif-devel операционной системы SUSE Linux Enterprise, эксплуатация которых может привести к нарушению конфиденциальности, целостности и доступности защищаемой информации. Эксплуатация уязвимостей может быть осуществлена удаленно

Severity

Vendor

Novell Inc.

Software Name

SUSE Linux Enterprise

Software Version

Server 11 SP2 (SUSE Linux Enterprise), Desktop 11 SP2 (SUSE Linux Enterprise), Server 11 SP1 (SUSE Linux Enterprise), Desktop 11 SP1 (SUSE Linux Enterprise)

Possible Mitigations

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "Server 11 SP2 (SUSE Linux Enterprise), Desktop 11 SP2 (SUSE Linux Enterprise), Server 11 SP1 (SUSE Linux Enterprise), Desktop 11 SP1 (SUSE Linux Enterprise)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0435\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443: http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": null,
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.04.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-04369",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SUSE Linux Enterprise",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b SUSE Linux Enterprise, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0430\u043a\u0435\u0442\u0430 libexif-devel \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b SUSE Linux Enterprise, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044e \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

BDU:2015-04608

Vulnerability from fstec - Published: None

Title

Description

Множественные уязвимости пакета libexif-64bit операционной системы SUSE Linux Enterprise, эксплуатация которых может привести к нарушению конфиденциальности, целостности и доступности защищаемой информации. Эксплуатация уязвимостей может быть осуществлена удаленно

Severity

Vendor

Novell Inc.

Software Name

SUSE Linux Enterprise

Software Version

Server 10 SP4 (SUSE Linux Enterprise), Desktop 10 SP4 (SUSE Linux Enterprise)

Possible Mitigations

Установка обновления в соответствии с инструкцией по безопасности, доступной по адресу: http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "Server 10 SP4 (SUSE Linux Enterprise), Desktop 10 SP4 (SUSE Linux Enterprise)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0435\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443: http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": null,
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.04.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-04608",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2012-2812, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2841",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SUSE Linux Enterprise",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b SUSE Linux Enterprise, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0430\u043a\u0435\u0442\u0430 libexif-64bit \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b SUSE Linux Enterprise, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044e \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CERTA-2012-AVI-392

Vulnerability from certfr_avis - Published: 2012-07-17 - Updated: 2012-07-17

Plusieurs vulnérabilités ont été corrigées dans libexif. Plusieurs d'entre elles concernent des débordement de tampon. Elles permettent à un utilisateur malintentionné d'exécuter du code arbitraire au moyen d'une image contenant des tags EXIF spécialements conçus.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

libexif versions 0.6.20 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CERTA-2013-AVI-416

Vulnerability from certfr_avis - Published: 2013-07-17 - Updated: 2013-07-17

De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Solaris 11
Oracle	N/A	Oracle Solaris 11.1
Oracle	N/A	Oracle Solaris 10
Oracle	N/A	Oracle Solaris 9

References

Title

Publication Time

FKIE_CVE-2012-2841

Vulnerability from fkie_nvd - Published: 2012-07-13 10:34 - Updated: 2026-04-29 01:13

Severity

Summary

References

	URL	Tags
	chrome-cve-admin@google.com	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html
	chrome-cve-admin@google.com	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html
	chrome-cve-admin@google.com	http://rhn.redhat.com/errata/RHSA-2012-1255.html
	chrome-cve-admin@google.com	http://secunia.com/advisories/49988
	chrome-cve-admin@google.com	http://sourceforge.net/mailarchive/message.php?msg_id=29534027
	chrome-cve-admin@google.com	http://www.debian.org/security/2012/dsa-2559
	chrome-cve-admin@google.com	http://www.securityfocus.com/bid/54437
	chrome-cve-admin@google.com	http://www.ubuntu.com/usn/USN-1513-1
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-1255.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49988
	af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/mailarchive/message.php?msg_id=29534027
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2559
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/54437
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1513-1

Impacted products

	Vendor	Product	Version
	libexif_project	libexif	0.6.20

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libexif_project:libexif:0.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F067C873-83E4-4094-A899-938E6122E926",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de enteros en la funci\u00f3n exif_entry_get_value en Exif-entry.c en la biblioteca EXIF Tag Parsing Library (tambi\u00e9n conocida como libexif) v0.6.20 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con par\u00e1metro \"buffer-size\" modificado a mano durante el formateo de una etiqueta EXIF, dando lugar a un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)."
    }
  ],
  "id": "CVE-2012-2841",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-13T10:34:59.593",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://secunia.com/advisories/49988"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.debian.org/security/2012/dsa-2559"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.securityfocus.com/bid/54437"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.ubuntu.com/usn/USN-1513-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1513-1"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-GF6F-3MXG-9758

Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-05-13 01:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2841"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-07-13T10:34:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.",
  "id": "GHSA-gf6f-3mxg-9758",
  "modified": "2022-05-13T01:11:55Z",
  "published": "2022-05-13T01:11:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2841"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49988"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2559"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/54437"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1513-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2012-2841

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-2841

Aliases

CVE-2012-2841

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2841",
    "description": "Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.",
    "id": "GSD-2012-2841",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-2841.html",
      "https://www.debian.org/security/2012/dsa-2559",
      "https://access.redhat.com/errata/RHSA-2012:1255",
      "https://alas.aws.amazon.com/cve/html/CVE-2012-2841.html",
      "https://linux.oracle.com/cve/CVE-2012-2841.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2841"
      ],
      "details": "Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.",
      "id": "GSD-2012-2841",
      "modified": "2023-12-13T01:20:16.460470Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@google.com",
        "ID": "CVE-2012-2841",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "54437",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/54437"
          },
          {
            "name": "DSA-2559",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2012/dsa-2559"
          },
          {
            "name": "SUSE-SU-2012:0903",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html"
          },
          {
            "name": "[libexif-devel] 20120712 libexif project security advisory July 12, 2012",
            "refsource": "MLIST",
            "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027"
          },
          {
            "name": "49988",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49988"
          },
          {
            "name": "RHSA-2012:1255",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html"
          },
          {
            "name": "USN-1513-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1513-1"
          },
          {
            "name": "SUSE-SU-2012:0902",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libexif_project:libexif:0.6.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2012-2841"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[libexif-devel] 20120712 libexif project security advisory July 12, 2012",
              "refsource": "MLIST",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027"
            },
            {
              "name": "SUSE-SU-2012:0902",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html"
            },
            {
              "name": "SUSE-SU-2012:0903",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html"
            },
            {
              "name": "USN-1513-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1513-1"
            },
            {
              "name": "RHSA-2012:1255",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html"
            },
            {
              "name": "DSA-2559",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2559"
            },
            {
              "name": "49988",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/49988"
            },
            {
              "name": "54437",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/54437"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-01-26T13:07Z",
      "publishedDate": "2012-07-13T10:34Z"
    }
  }
}

OPENSUSE-SU-2024:10510-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libexif-devel-0.6.21-10.8 on GA media

Severity

Moderate

Notes

Title of the patch: libexif-devel-0.6.21-10.8 on GA media

Description of the patch: These are all security issues fixed in the libexif-devel-0.6.21-10.8 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-10510

CVE-2012-2812

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2012-2813

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2012-2814

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2012-2836

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2012-2837

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2012-2840

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2012-2841

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64	—	Vendor Fix

Threats

Impact important

References

30 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2012-2812/	self
https://www.suse.com/security/cve/CVE-2012-2813/	self
https://www.suse.com/security/cve/CVE-2012-2814/	self
https://www.suse.com/security/cve/CVE-2012-2836/	self
https://www.suse.com/security/cve/CVE-2012-2837/	self
https://www.suse.com/security/cve/CVE-2012-2840/	self
https://www.suse.com/security/cve/CVE-2012-2841/	self
https://www.suse.com/security/cve/CVE-2012-2812	external
https://bugzilla.suse.com/771229	external
https://bugzilla.suse.com/831515	external
https://www.suse.com/security/cve/CVE-2012-2813	external
https://bugzilla.suse.com/771229	external
https://bugzilla.suse.com/831515	external
https://www.suse.com/security/cve/CVE-2012-2814	external
https://bugzilla.suse.com/771229	external
https://bugzilla.suse.com/831515	external
https://www.suse.com/security/cve/CVE-2012-2836	external
https://bugzilla.suse.com/771229	external
https://bugzilla.suse.com/831515	external
https://www.suse.com/security/cve/CVE-2012-2837	external
https://bugzilla.suse.com/771229	external
https://bugzilla.suse.com/831515	external
https://www.suse.com/security/cve/CVE-2012-2840	external
https://bugzilla.suse.com/771229	external
https://bugzilla.suse.com/831515	external
https://www.suse.com/security/cve/CVE-2012-2841	external
https://bugzilla.suse.com/771229	external
https://bugzilla.suse.com/831515	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libexif-devel-0.6.21-10.8 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libexif-devel-0.6.21-10.8 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10510",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10510-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-2812 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-2812/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-2813 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-2813/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-2814 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-2814/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-2836 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-2836/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-2837 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-2837/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-2840 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-2840/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-2841 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-2841/"
      }
    ],
    "title": "libexif-devel-0.6.21-10.8 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10510-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libexif-devel-0.6.21-10.8.aarch64",
                "product": {
                  "name": "libexif-devel-0.6.21-10.8.aarch64",
                  "product_id": "libexif-devel-0.6.21-10.8.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexif12-0.6.21-10.8.aarch64",
                "product": {
                  "name": "libexif12-0.6.21-10.8.aarch64",
                  "product_id": "libexif12-0.6.21-10.8.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexif12-32bit-0.6.21-10.8.aarch64",
                "product": {
                  "name": "libexif12-32bit-0.6.21-10.8.aarch64",
                  "product_id": "libexif12-32bit-0.6.21-10.8.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libexif-devel-0.6.21-10.8.ppc64le",
                "product": {
                  "name": "libexif-devel-0.6.21-10.8.ppc64le",
                  "product_id": "libexif-devel-0.6.21-10.8.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexif12-0.6.21-10.8.ppc64le",
                "product": {
                  "name": "libexif12-0.6.21-10.8.ppc64le",
                  "product_id": "libexif12-0.6.21-10.8.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexif12-32bit-0.6.21-10.8.ppc64le",
                "product": {
                  "name": "libexif12-32bit-0.6.21-10.8.ppc64le",
                  "product_id": "libexif12-32bit-0.6.21-10.8.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libexif-devel-0.6.21-10.8.s390x",
                "product": {
                  "name": "libexif-devel-0.6.21-10.8.s390x",
                  "product_id": "libexif-devel-0.6.21-10.8.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexif12-0.6.21-10.8.s390x",
                "product": {
                  "name": "libexif12-0.6.21-10.8.s390x",
                  "product_id": "libexif12-0.6.21-10.8.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexif12-32bit-0.6.21-10.8.s390x",
                "product": {
                  "name": "libexif12-32bit-0.6.21-10.8.s390x",
                  "product_id": "libexif12-32bit-0.6.21-10.8.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libexif-devel-0.6.21-10.8.x86_64",
                "product": {
                  "name": "libexif-devel-0.6.21-10.8.x86_64",
                  "product_id": "libexif-devel-0.6.21-10.8.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexif12-0.6.21-10.8.x86_64",
                "product": {
                  "name": "libexif12-0.6.21-10.8.x86_64",
                  "product_id": "libexif12-0.6.21-10.8.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexif12-32bit-0.6.21-10.8.x86_64",
                "product": {
                  "name": "libexif12-32bit-0.6.21-10.8.x86_64",
                  "product_id": "libexif12-32bit-0.6.21-10.8.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexif-devel-0.6.21-10.8.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64"
        },
        "product_reference": "libexif-devel-0.6.21-10.8.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexif-devel-0.6.21-10.8.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le"
        },
        "product_reference": "libexif-devel-0.6.21-10.8.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexif-devel-0.6.21-10.8.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x"
        },
        "product_reference": "libexif-devel-0.6.21-10.8.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexif-devel-0.6.21-10.8.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64"
        },
        "product_reference": "libexif-devel-0.6.21-10.8.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexif12-0.6.21-10.8.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64"
        },
        "product_reference": "libexif12-0.6.21-10.8.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexif12-0.6.21-10.8.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le"
        },
        "product_reference": "libexif12-0.6.21-10.8.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexif12-0.6.21-10.8.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x"
        },
        "product_reference": "libexif12-0.6.21-10.8.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexif12-0.6.21-10.8.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64"
        },
        "product_reference": "libexif12-0.6.21-10.8.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexif12-32bit-0.6.21-10.8.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64"
        },
        "product_reference": "libexif12-32bit-0.6.21-10.8.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexif12-32bit-0.6.21-10.8.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le"
        },
        "product_reference": "libexif12-32bit-0.6.21-10.8.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexif12-32bit-0.6.21-10.8.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x"
        },
        "product_reference": "libexif12-32bit-0.6.21-10.8.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexif12-32bit-0.6.21-10.8.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
        },
        "product_reference": "libexif12-32bit-0.6.21-10.8.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2012-2812",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-2812"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-2812",
          "url": "https://www.suse.com/security/cve/CVE-2012-2812"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 771229 for CVE-2012-2812",
          "url": "https://bugzilla.suse.com/771229"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 831515 for CVE-2012-2812",
          "url": "https://bugzilla.suse.com/831515"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2012-2812"
    },
    {
      "cve": "CVE-2012-2813",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-2813"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-2813",
          "url": "https://www.suse.com/security/cve/CVE-2012-2813"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 771229 for CVE-2012-2813",
          "url": "https://bugzilla.suse.com/771229"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 831515 for CVE-2012-2813",
          "url": "https://bugzilla.suse.com/831515"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2012-2813"
    },
    {
      "cve": "CVE-2012-2814",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-2814"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-2814",
          "url": "https://www.suse.com/security/cve/CVE-2012-2814"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 771229 for CVE-2012-2814",
          "url": "https://bugzilla.suse.com/771229"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 831515 for CVE-2012-2814",
          "url": "https://bugzilla.suse.com/831515"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2012-2814"
    },
    {
      "cve": "CVE-2012-2836",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-2836"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-2836",
          "url": "https://www.suse.com/security/cve/CVE-2012-2836"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 771229 for CVE-2012-2836",
          "url": "https://bugzilla.suse.com/771229"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 831515 for CVE-2012-2836",
          "url": "https://bugzilla.suse.com/831515"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2012-2836"
    },
    {
      "cve": "CVE-2012-2837",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-2837"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-2837",
          "url": "https://www.suse.com/security/cve/CVE-2012-2837"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 771229 for CVE-2012-2837",
          "url": "https://bugzilla.suse.com/771229"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 831515 for CVE-2012-2837",
          "url": "https://bugzilla.suse.com/831515"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2012-2837"
    },
    {
      "cve": "CVE-2012-2840",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-2840"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-2840",
          "url": "https://www.suse.com/security/cve/CVE-2012-2840"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 771229 for CVE-2012-2840",
          "url": "https://bugzilla.suse.com/771229"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 831515 for CVE-2012-2840",
          "url": "https://bugzilla.suse.com/831515"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2012-2840"
    },
    {
      "cve": "CVE-2012-2841",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-2841"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
          "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-2841",
          "url": "https://www.suse.com/security/cve/CVE-2012-2841"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 771229 for CVE-2012-2841",
          "url": "https://bugzilla.suse.com/771229"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 831515 for CVE-2012-2841",
          "url": "https://bugzilla.suse.com/831515"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif-devel-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-0.6.21-10.8.x86_64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.aarch64",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.ppc64le",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.s390x",
            "openSUSE Tumbleweed:libexif12-32bit-0.6.21-10.8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2012-2841"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-2841 (GCVE-0-2012-2841)

Solution

Solution

Tags

Sightings

Nomenclature