Launchpad CVE tracker

CVE 2012-2845

Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file.

Related bugs and status

CVE-2012-2845 (Candidate) is related to these bugs:

Bug #1024213: libexif 0.6.21 and exif 0.6.21 were released to fix various overflows and related issues.

Summary				In	Importance	Status
	1024213	libexif 0.6.21 and exif 0.6.21 were released to fix various overflows and related issues.		libexif (Ubuntu)	Undecided	Fix Released
	1024213	libexif 0.6.21 and exif 0.6.21 were released to fix various overflows and related issues.		libexif (openSUSE)	High	Fix Released

Bug #1028766: Sync exif 0.6.20-2 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1028766	Sync exif 0.6.20-2 (universe) from Debian unstable (main)		exif (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-2845

References