CVE-2012-2837 : The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in t

The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.

Published 2012-07-13 10:35:00

Updated 2025-04-11 00:51:22

Source Chrome

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2012-2837

Libexif Project » Libexif
Versions up to, including, (<=) 0.6.20
cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*
Matching versions
Libexif Project » Libexif » Version: 0.6.14
cpe:2.3:a:libexif_project:libexif:0.6.14:*:*:*:*:*:*:*
Matching versions
Libexif Project » Libexif » Version: 0.6.15
cpe:2.3:a:libexif_project:libexif:0.6.15:*:*:*:*:*:*:*
Matching versions
Libexif Project » Libexif » Version: 0.6.18
cpe:2.3:a:libexif_project:libexif:0.6.18:*:*:*:*:*:*:*
Matching versions
Libexif Project » Libexif » Version: 0.6.16
cpe:2.3:a:libexif_project:libexif:0.6.16:*:*:*:*:*:*:*
Matching versions
Libexif Project » Libexif » Version: 0.6.19
cpe:2.3:a:libexif_project:libexif:0.6.19:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-2837

EPSS FAQ

1.26%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-2837

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2012-2837

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-2837

http://www.debian.org/security/2012/dsa-2559

Debian -- Security Information -- DSA-2559-1 libexif

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1513-1

USN-1513-1: libexif vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://secunia.com/advisories/49988

Sign in

CVEs referencing this url
http://sourceforge.net/mailarchive/message.php?msg_id=29534027

EXIF Tag Parsing Library / [Libexif-devel] libexif project security advisory July 12, 2012

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2012-1255.html

RHSA-2012:1255 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html

[security-announce] SUSE-SU-2012:0903-1: important: Security update for

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html

[security-announce] SUSE-SU-2012:0902-1: important: Security update for

CVEs referencing this url
http://www.securityfocus.com/bid/54437

libexif Multiple Remote Vulnerabilities

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-2837

Products affected by CVE-2012-2837

Exploit prediction scoring system (EPSS) score for CVE-2012-2837

CVSS scores for CVE-2012-2837

CWE ids for CVE-2012-2837

References for CVE-2012-2837