CVE-2012-2812

medium

Published 2012-07-13 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.4

VIR risk

6.4

Description

The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-2812

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`0.6.20-3`
debian	bullseye	fixed	`0.6.20-3`
debian	forky	fixed	`0.6.20-3`
debian	sid	fixed	`0.6.20-3`
debian	trixie	fixed	`0.6.20-3`

Application impact

Vendor	Product	Versions
libexif_project	libexif	`{"endIncluding":"0.6.20"}`
libexif_project	libexif	`0.6.14`
libexif_project	libexif	`0.6.15`
libexif_project	libexif	`0.6.16`
libexif_project	libexif	`0.6.18`
libexif_project	libexif	`0.6.19`

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.