The libexif packages provide an Exchangeable image file format (Exif)library. Exif allows metadata to be added to and read from certain typesof image files.Multiple flaws were found in the way libexif processed Exif tags. Anattacker could create a specially-crafted image file that, when opened inan application linked against libexif, could cause the application tocrash or, potentially, execute arbitrary code with the privileges of theuser running the application. (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814,CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841)Red Hat would like to thank Dan Fandrich for reporting these issues.Upstream acknowledges Mateusz Jurczyk of the Google Security Team as theoriginal reporter of CVE-2012-2812, CVE-2012-2813, and CVE-2012-2814; andYunho Kim as the original reporter of CVE-2012-2836 and CVE-2012-2837.Users of libexif are advised to upgrade to these updated packages, whichcontain backported patches to resolve these issues. All runningapplications linked against libexif must be restarted for the update totake effect.