MDVSA-2012:107

Package name

exif

Date

2012-07-13

Advisory ID

MDVSA-2012:107

Affected versions

MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64

Problem description

A vulnerability has been discovered and corrected in exif:

An integer overflow in the function jpeg_data_load_data in the exif
program could cause a data read beyond the end of a buffer, causing
an application crash or leakage of potentially sensitive information
when parsing a crafted JPEG file (CVE-2012-2845).

The updated packages have been upgraded to the 0.6.21 version which
is not vulnerable to this issue.

Updated packages

MES5 i586

 150eb2c08f8611278553a3e6a7ca3854  mes5/i586/exif-0.6.21-0.1mdvmes5.2.i586.rpm 
 a006ed9018b5714df575bd155ecd3491  mes5/SRPMS/exif-0.6.21-0.1mdvmes5.2.src.rpm

2011 i586

 e95db8e686df9b5423c50372b1ede214  2011/i586/exif-0.6.21-0.1-mdv2011.0.i586.rpm 
 36d045bef55e838adffeb7ab440c1ab6  2011/SRPMS/exif-0.6.21-0.1.src.rpm

MES5 x86_64

 34451413271f02026f76aa593943e559  mes5/x86_64/exif-0.6.21-0.1mdvmes5.2.x86_64.rpm 
 a006ed9018b5714df575bd155ecd3491  mes5/SRPMS/exif-0.6.21-0.1mdvmes5.2.src.rpm

2011 x86_64

 8fa43ab4492ccdd24a5747f20c3b9bca  2011/x86_64/exif-0.6.21-0.1-mdv2011.0.x86_64.rpm 
 36d045bef55e838adffeb7ab440c1ab6  2011/SRPMS/exif-0.6.21-0.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845
• http://sourceforge.net/mailarchive/message.php?msg_id=29534027