Unrated severityNVD Advisory· Published Jul 13, 2012· Updated Apr 29, 2026
CVE-2012-2836
CVE-2012-2836
Description
The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
Affected products
6cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*range: <=0.6.20
- cpe:2.3:a:libexif_project:libexif:0.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:libexif_project:libexif:0.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:libexif_project:libexif:0.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:libexif_project:libexif:0.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:libexif_project:libexif:0.6.19:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.htmlnvd
- rhn.redhat.com/errata/RHSA-2012-1255.htmlnvd
- secunia.com/advisories/49988nvd
- sourceforge.net/mailarchive/message.phpnvd
- www.debian.org/security/2012/dsa-2559nvd
- www.securityfocus.com/bid/54437nvd
- www.ubuntu.com/usn/USN-1513-1nvd
News mentions
0No linked articles in our index yet.