UbuntuUpdates.org

Package "libexif"

Name: libexif

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • library to parse EXIF files (development files)
  • library to parse EXIF files

Latest version: 0.6.20-2ubuntu0.7
Release: precise (12.04)
Level: updates
Repository: main

Links



Other versions of "libexif" in Precise

Repository Area Version
base main 0.6.20-2
security main 0.6.20-2ubuntu0.7

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.6.20-2ubuntu0.7 2021-05-03 15:06:26 UTC

  libexif (0.6.20-2ubuntu0.7) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-0452.patch: fixed a incorrect overflow check that could be
      optimized away in libexif/exif-entry.c.
    - CVE-2020-0452

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 06 Nov 2020 11:51:01 -0300

Source diff to previous version
CVE-2020-0452 libexif overflow check could be optimized away

Version: 0.6.20-2ubuntu0.1 2012-07-23 21:07:02 UTC

  libexif (0.6.20-2ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible info disclosure via
    corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
    - debian/patches/CVE-2012-2812.patch: fix reading tags that aren't
      NUL-terminated in libexif/exif-entry.c.
    - CVE-2012-2812
  * SECURITY UPDATE: denial of service and possible info disclosure via
    UTF-16 tag (LP: #1024213)
    - debian/patches/CVE-2012-2813.patch: don't read past the end of a
      tag when converting from UTF-16 in libexif/exif-entry.c.
    - CVE-2012-2813
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2814.patch: fix buffer overflows in
      libexif/exif-entry.c.
    - CVE-2012-2814
  * SECURITY UPDATE: denial of service and possible info disclosure via
    crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2836.patch: fix buffer overflows in
      libexif/exif-data.c
    - CVE-2012-2836
  * SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2837.patch: fix some possible
      division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
    - CVE-2012-2837
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2840.patch: fix off-by-one in
      libexif/exif-utils.c.
    - CVE-2012-2840
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect buffer size (LP: #1024213)
    - debian/patches/CVE-2012-2841.patch: validate buffer length in
      libexif/exif-entry.c.
    - CVE-2012-2841
 -- Marc Deslauriers <email address hidden> Thu, 19 Jul 2012 13:18:43 -0400

1024213 libexif 0.6.21 and exif 0.6.21 were released to fix various overflows and related issues.
CVE-2012-2812 The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denia
CVE-2012-2813 The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a
CVE-2012-2814 Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers t
CVE-2012-2836 The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial
CVE-2012-2837 The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote
CVE-2012-2840 Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote
CVE-2012-2841 Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attacke



About   -   Send Feedback to @ubuntu_updates