cpe:/a:curtis_galloway:libexif:0.6.14 cpe:/a:curtis_galloway:libexif:0.6.15 cpe:/a:curtis_galloway:libexif:0.6.16 cpe:/a:curtis_galloway:libexif:0.6.18 cpe:/a:curtis_galloway:libexif:0.6.19 cpe:/a:curtis_galloway:libexif:0.6.20 CVE-2012-2836 2012-07-13T06:34:59.467-04:00 2016-11-28T14:08:06.840-05:00 6.4 NETWORK LOW NONE PARTIAL NONE PARTIAL http://nvd.nist.gov 2012-07-13T14:14:00.000-04:00 SECUNIA 49988 BID 54437 DEBIAN DSA-2559 REDHAT RHSA-2012:1255 SUSE SUSE-SU-2012:0902 SUSE SUSE-SU-2012:0903 UBUNTU USN-1513-1 MLIST [libexif-devel] 20120712 libexif project security advisory July 12, 2012 The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.