libexif, exif: Multiple vulnerabilities

libexif, exif: Multiple vulnerabilities Multiple vulnerabilities have been found in libexif and exif, some of which may allow execution of arbitrary code. libexif 2014-01-19 2014-01-19 426366 remote 0.6.21 0.6.21 0.6.21 0.6.21

libexif is a library for parsing, editing and saving Exif metadata from images. exif is a small command line interface for libexif.

Multiple vulnerabilities have been discovered in libexif and exif. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted image file using exif or an application linked against libexif, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All libexif users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-libs/libexif-0.6.21"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

All exif users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-gfx/exif-0.6.21"

CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 CVE-2012-2845 ackle ackle