Vulnerabilities > CVE-2012-2845 - Numeric Errors vulnerability in Curtis Galloway Exif 0.6.20
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2012-10854.NASL description - Update to 0.6.21 - Fix CVE-2012-2845 (RHBZ #840002,#840003) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-07-27 plugin id 60132 published 2012-07-27 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/60132 title Fedora 17 : exif-0.6.21-1.fc17 (2012-10854) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-10854. # include("compat.inc"); if (description) { script_id(60132); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-2845"); script_bugtraq_id(54437); script_xref(name:"FEDORA", value:"2012-10854"); script_name(english:"Fedora 17 : exif-0.6.21-1.fc17 (2012-10854)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Update to 0.6.21 - Fix CVE-2012-2845 (RHBZ #840002,#840003) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=840002" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-July/084285.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3369ef5b" ); script_set_attribute(attribute:"solution", value:"Update the affected exif package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:exif"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/07/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"exif-0.6.21-1.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "exif"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D881D25470C611E2862D080027A5EC9A.NASL description libexif project security advisory : A number of remotely exploitable issues were discovered in libexif and exif, with effects ranging from information leakage to potential remote code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 65560 published 2013-03-15 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65560 title FreeBSD : libexif -- multiple remote vulnerabilities (d881d254-70c6-11e2-862d-080027a5ec9a) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(65560); script_version("1.4"); script_cvs_date("Date: 2018/11/10 11:49:43"); script_cve_id("CVE-2012-2812", "CVE-2012-2813", "CVE-2012-2814", "CVE-2012-2836", "CVE-2012-2837", "CVE-2012-2840", "CVE-2012-2841", "CVE-2012-2845"); script_bugtraq_id(54437); script_name(english:"FreeBSD : libexif -- multiple remote vulnerabilities (d881d254-70c6-11e2-862d-080027a5ec9a)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "libexif project security advisory : A number of remotely exploitable issues were discovered in libexif and exif, with effects ranging from information leakage to potential remote code execution." ); # https://vuxml.freebsd.org/freebsd/d881d254-70c6-11e2-862d-080027a5ec9a.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b576bd5f" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:libexif"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/12"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"libexif<0.6.21")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-036.NASL description A vulnerability has been discovered and corrected in exif : An integer overflow in the function jpeg_data_load_data in the exif program could cause a data read beyond the end of a buffer, causing an application crash or leakage of potentially sensitive information when parsing a crafted JPEG file (CVE-2012-2845). The updated packages have been upgraded to the 0.6.21 version which is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 66050 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66050 title Mandriva Linux Security Advisory : exif (MDVSA-2013:036) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2013:036. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(66050); script_version("1.7"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2012-2845"); script_bugtraq_id(54437); script_xref(name:"MDVSA", value:"2013:036"); script_name(english:"Mandriva Linux Security Advisory : exif (MDVSA-2013:036)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandriva Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "A vulnerability has been discovered and corrected in exif : An integer overflow in the function jpeg_data_load_data in the exif program could cause a data read beyond the end of a buffer, causing an application crash or leakage of potentially sensitive information when parsing a crafted JPEG file (CVE-2012-2845). The updated packages have been upgraded to the 0.6.21 version which is not vulnerable to this issue." ); script_set_attribute( attribute:"see_also", value:"https://sourceforge.net/p/libexif/mailman/message/29534027/" ); script_set_attribute(attribute:"solution", value:"Update the affected exif package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:exif"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"exif-0.6.21-1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS11_LIBEXIF_20130716.NASL description The remote Solaris system is missing necessary patches to address security updates : - The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. (CVE-2012-2812) - The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. (CVE-2012-2813) - Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. (CVE-2012-2814) - The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. (CVE-2012-2836) - The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags. (CVE-2012-2837) - Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. (CVE-2012-2840) - Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. (CVE-2012-2841) - Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file. (CVE-2012-2845) last seen 2020-06-01 modified 2020-06-02 plugin id 80668 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80668 title Oracle Solaris Third-Party Patch Update : libexif (multiple_vulnerabilities_in_libexif1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80668); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2012-2812", "CVE-2012-2813", "CVE-2012-2814", "CVE-2012-2836", "CVE-2012-2837", "CVE-2012-2840", "CVE-2012-2841", "CVE-2012-2845"); script_name(english:"Oracle Solaris Third-Party Patch Update : libexif (multiple_vulnerabilities_in_libexif1)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. (CVE-2012-2812) - The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. (CVE-2012-2813) - Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. (CVE-2012-2814) - The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. (CVE-2012-2836) - The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags. (CVE-2012-2837) - Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. (CVE-2012-2840) - Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. (CVE-2012-2841) - Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file. (CVE-2012-2845)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-libexif script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9639707e" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 12.4."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:libexif"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^libexif$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "libexif"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.0.12.0.4.0", sru:"SRU 12.4") > 0) flag++; if (flag) { error_extra = 'Affected package : libexif\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_hole(port:0, extra:error_extra); else security_hole(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "libexif");NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2012-200-01.NASL description New libexif packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 60050 published 2012-07-19 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/60050 title Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : libexif (SSA:2012-200-01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2012-200-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(60050); script_version("1.7"); script_cvs_date("Date: 2018/06/27 18:42:26"); script_cve_id("CVE-2012-2812", "CVE-2012-2813", "CVE-2012-2814", "CVE-2012-2836", "CVE-2012-2837", "CVE-2012-2840", "CVE-2012-2841", "CVE-2012-2845"); script_bugtraq_id(54437); script_xref(name:"SSA", value:"2012-200-01"); script_name(english:"Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : libexif (SSA:2012-200-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New libexif packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.546794 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6acd7782" ); script_set_attribute( attribute:"solution", value:"Update the affected libexif package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libexif"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37"); script_set_attribute(attribute:"patch_publication_date", value:"2012/07/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"11.0", pkgname:"libexif", pkgver:"0.6.21", pkgarch:"i486", pkgnum:"1_slack11.0")) flag++; if (slackware_check(osver:"12.0", pkgname:"libexif", pkgver:"0.6.21", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++; if (slackware_check(osver:"12.1", pkgname:"libexif", pkgver:"0.6.21", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++; if (slackware_check(osver:"12.2", pkgname:"libexif", pkgver:"0.6.21", pkgarch:"i486", pkgnum:"1_slack12.2")) flag++; if (slackware_check(osver:"13.0", pkgname:"libexif", pkgver:"0.6.21", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++; if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"libexif", pkgver:"0.6.21", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++; if (slackware_check(osver:"13.1", pkgname:"libexif", pkgver:"0.6.21", pkgarch:"i486", pkgnum:"1_slack13.1")) flag++; if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"libexif", pkgver:"0.6.21", pkgarch:"x86_64", pkgnum:"1_slack13.1")) flag++; if (slackware_check(osver:"13.37", pkgname:"libexif", pkgver:"0.6.21", pkgarch:"i486", pkgnum:"1_slack13.37")) flag++; if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"libexif", pkgver:"0.6.21", pkgarch:"x86_64", pkgnum:"1_slack13.37")) flag++; if (slackware_check(osver:"current", pkgname:"libexif", pkgver:"0.6.21", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"libexif", pkgver:"0.6.21", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2012-10819.NASL description - Update to 0.6.21 - Fix CVE-2012-2845 (RHBZ #840002,#840003) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-07-27 plugin id 60130 published 2012-07-27 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/60130 title Fedora 16 : exif-0.6.21-1.fc16 (2012-10819) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-107.NASL description A vulnerability has been discovered and corrected in exif : An integer overflow in the function jpeg_data_load_data in the exif program could cause a data read beyond the end of a buffer, causing an application crash or leakage of potentially sensitive information when parsing a crafted JPEG file (CVE-2012-2845). The updated packages have been upgraded to the 0.6.21 version which is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 61960 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61960 title Mandriva Linux Security Advisory : exif (MDVSA-2012:107) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201401-10.NASL description The remote host is affected by the vulnerability described in GLSA-201401-10 (libexif, exif: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libexif and exif. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted image file using exif or an application linked against libexif, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72032 published 2014-01-20 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72032 title GLSA-201401-10 : libexif, exif: Multiple vulnerabilities