Mandriva Update For Exif MDVSA-2012:107 (exif) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been discovered and corrected in exif: An integer overflow in the function jpeg_data_load_data in the exif program could cause a data read beyond the end of a buffer, causing an application crash or leakage of potentially sensitive information when parsing a crafted JPEG file (CVE-2012-2845). The updated packages have been upgraded to the 0.6.21 version which is not vulnerable to this issue.

Affected

exif on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2

Severity

Classification

CVE CVE-2012-2845
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:026 (phpMyAdmin)
Mandrake Security Advisory MDVSA-2009:136 (tomcat5)
Mandrake Security Advisory MDVSA-2009:031 (avahi)
Mandrake Security Advisory MDVSA-2009:177 (ruby)
Mandrake Security Advisory MDVSA-2009:175 (pango)

Mandriva Update for exif MDVSA-2012:107 (exif)

Take action and discover your vulnerabilities