libexif (and exif) 0.6.21 have been released to fix a number of security vulnerabilities. It should be a drop-in replacement for 0.6.20.
http://sourceforge.net/mailarchive/message.php?msg_id=29534027
Test & stabilize: =media-libs/libexif-0.6.21 =media-gfx/exif-0.6.21
Thanks for the report.
Builds fine on x86, redeps build and run fine. Please mark stable for x86.
amd64 stable
x86 stable. Thanks Myckel.
alpha/arm/ia64/s390/sh/sparc stable
Stable for HPPA.
CVE-2012-2845 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2845): Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file.
CVE-2012-2841 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2841): Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
CVE-2012-2840 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2840): Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
CVE-2012-2837 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2837): The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.
CVE-2012-2836 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2836): The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
CVE-2012-2814 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2814): Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
CVE-2012-2813 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2813): The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
CVE-2012-2812 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2812): The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
ppc stable.
ppc64 stable, last arch done
Thanks, everyone. Already on existing GLSA draft, ready for review.
This issue was resolved and addressed in GLSA 201401-10 at http://security.gentoo.org/glsa/glsa-201401-10.xml by GLSA coordinator Sean Amoss (ackle).