Multiple vulnerabilities have been reported in libexif, which can be exploited by malicious people to disclose certain sensitive information, cause a DoS (Denial of Service), and compromise an application using the library.

1) An out-of-bounds read error within the "exif_entry_get_value()" function (libexif/exif-entry.c) when handling the EXIF_TAG_COPYRIGHT tag can be exploited to cause a crash or disclose process memory.

2) An out-of-bounds read error within the "exif_convert_utf16_to_utf8()" function (libexif/exif-entry.c) when handling UTF16 encoded images can be exploited to cause a crash or disclose process memory.

3) Some errors within the "exif_entry_format_value()" function (libexif/exif-entry.c) when handling EXIF tags can be exploited to cause buffer overflows.

4) An integer overflow error within the "exif_data_load_data()" function (libexif/exif-data.c) when parsing certain headers can be exploited to cause a buffer overflow.

5) A divide-by-zero error within the "mnote_olympus_entry_get_value()" function (libexif/olympus/mnote-olympus-entry.c) when parsing image color information can be exploited to cause a crash.

6) An off-by-one error within the "exif_convert_utf16_to_utf8()" function (libexif/exif-utils.c) handling UTF16 encoded images can be exploited to corrupt memory.

7) An integer overflow error within the "exif_entry_get_value()" function (libexif/exif-entry.c) can be exploited to cause a buffer overflow.

8) An integer overflow error within the "jpeg_data_load_data()" function can be exploited to cause a buffer overflow.

Successful exploitation of vulnerabilities #3, #4, #6, #7, and #8 may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 0.6.21.

Solution
Update to version 0.6.21.

Provided and/or discovered by
The vendor credits:
1, 2, 3) Mateusz Jurczyk, Google Security Team
4, 5) Yunho Kim
6, 7, 8) Dan Fandrich

Original Advisory
http://sourceforge.net/mailarchive/message.php?msg_id=29534027

Deep Links
Links available to Secunia VIM customers