CVE-2012-2845

Description

Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file.

How to fix CVE-2012-2845

To remediate CVE-2012-2845, upgrade the affected package to a fixed version below.

• Alpine/libexif—upgrade to 0.6.21-r0 or later
• Debian/exif—upgrade to 0.6.20-2 or later

Is CVE-2012-2845 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 0.6.21-r0
• from 0, < 0.6.20-2

References (2)

• ADVISORYsecurity.alpinelinux.org/vuln/CVE-2012-2845
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-2845