Source: exiv2
Version: 0.24-4.1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for exiv2.

CVE-2017-9239[0]:
| An issue was discovered in Exiv2 0.26. When the data structure of the
| structure ifd is incorrect, the program assigns pValue_ to 0x0, and the
| value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the
| value of pValue() to cause a segmentation fault. To exploit this
| vulnerability, someone must open a crafted tiff file.

"Demonstrable" with convert-test, in unstable, but I think the very same
issue should be in 0.24 as well, since the code path should be the same
(but please confirm):

Program terminated with signal SIGSEGV, Segmentation fault.
#0  Exiv2::Internal::TiffImageEntry::doWriteImage (this=0x55fbc5220620, ioWrapper=...) at tiffcomposite.cpp:1610
1610    } // TiffIfdMakernote::doWriteImage
(gdb) bt
#0  Exiv2::Internal::TiffImageEntry::doWriteImage (this=0x55fbc5220620, ioWrapper=...) at tiffcomposite.cpp:1610
#1  0x00007f609169cb6d in Exiv2::Internal::TiffComponent::writeImage (byteOrder=Exiv2::littleEndian, ioWrapper=..., this=<optimized out>) at tiffcomposite.cpp:1555
#2  Exiv2::Internal::TiffDirectory::doWriteImage (this=0x55fbc521fc20, ioWrapper=..., byteOrder=Exiv2::littleEndian) at tiffcomposite.cpp:1570
#3  0x00007f60916a4f31 in Exiv2::Internal::TiffComponent::writeImage (byteOrder=Exiv2::littleEndian, ioWrapper=..., this=0x55fbc521fc20) at tiffcomposite.cpp:1555
#4  Exiv2::Internal::TiffDirectory::doWrite (this=<optimized out>, ioWrapper=..., byteOrder=Exiv2::littleEndian, offset=8, valueIdx=<optimized out>, dataIdx=3142, imageIdx=@0x7ffe1b26439c: 3240) at tiffcomposite.cpp:1200
#5  0x00007f60916ab41b in Exiv2::Internal::TiffParserWorker::encode (io=..., pData=pData@entry=0x7f6091c25000 <error: Cannot access memory at address 0x7f6091c25000>, size=size@entry=459, exifData=..., iptcData=..., xmpData=..., root=131072, findEncoderFct=<optimized out>, pHeader=<optimized out>, pOffsetWriter=0x0) at tiffimage.cpp:2176
#6  0x00007f60916ac29c in Exiv2::TiffParser::encode (io=..., pData=pData@entry=0x7f6091c25000 <error: Cannot access memory at address 0x7f6091c25000>, size=size@entry=459, byteOrder=byteOrder@entry=Exiv2::littleEndian, exifData=..., iptcData=..., xmpData=...) at tiffimage.cpp:276
#7  0x00007f60916ac3f3 in Exiv2::TiffImage::writeMetadata (this=0x55fbc521c640) at tiffimage.cpp:219
#8  0x000055fbc4746121 in main (argc=<optimized out>, argv=<optimized out>) at convert-test.cpp:30
(gdb)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9239
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9239

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
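The failure mode in the report is a TIFF entry whose value pointer is left null after parsing a malformed IFD and is then dereferenced by the image writer. The following is an added, self-contained C++ model of that pattern and of the guard a fix needs; it is not Exiv2's code and not convert-test. The names TiffEntry, parseIfd, writeImageEntryUnchecked and writeImageEntry are hypothetical stand-ins, the IFD layout is a simplified version of the real one, and the 42-byte "file" is constructed inline for the demonstration.

```cpp
// Added example, not Exiv2 code: a toy IFD parser and image writer showing
// how an out-of-range value offset turns into a null value pointer, and how
// the writer must handle that pointer instead of dereferencing it.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <ostream>
#include <sstream>
#include <string>
#include <vector>

struct TiffEntry {
    uint16_t tag;
    uint32_t count;          // bytes of strip data
    const uint8_t* pValue;   // null when the IFD offset was bogus (hypothetical model)
};

// Little-endian readers ("II" byte order, matching the backtrace).
static uint16_t rd16(const uint8_t* p) { return static_cast<uint16_t>(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t* p) { return rd16(p) | (static_cast<uint32_t>(rd16(p + 2)) << 16); }

// Simplified IFD: [count:2] then count entries of [tag:2][type:2][count:4][offset:4].
// An entry whose data falls outside the buffer is kept, but with pValue == nullptr,
// which is the state the report describes. Returns false if the IFD itself is truncated.
bool parseIfd(const std::vector<uint8_t>& buf, size_t ifdOff, std::vector<TiffEntry>& out) {
    if (ifdOff + 2 > buf.size()) return false;
    uint16_t n = rd16(&buf[ifdOff]);
    if (ifdOff + 2 + static_cast<size_t>(n) * 12 > buf.size()) return false;
    for (uint16_t i = 0; i < n; ++i) {
        const uint8_t* e = &buf[ifdOff + 2 + static_cast<size_t>(i) * 12];
        TiffEntry t{rd16(e), rd32(e + 4), nullptr};
        uint32_t off = rd32(e + 8);
        // Overflow-safe bounds check: offset and offset+count must both lie inside the buffer.
        if (off <= buf.size() && t.count <= buf.size() - off) t.pValue = &buf[off];
        out.push_back(t);
    }
    return true;
}

// Vulnerable shape: trusts pValue unconditionally. With a null pValue this is
// a null-pointer read, the bug class in the report. Shown for contrast; never called below.
size_t writeImageEntryUnchecked(std::ostream& os, const TiffEntry& t) {
    os.write(reinterpret_cast<const char*>(t.pValue), t.count);
    return t.count;
}

// Hardened shape: a missing value means "nothing to write"; return 0 so the
// caller can count such entries and reject the file if it wants to.
size_t writeImageEntry(std::ostream& os, const TiffEntry& t) {
    if (t.pValue == nullptr || t.count == 0) return 0;
    os.write(reinterpret_cast<const char*>(t.pValue), t.count);
    return t.count;
}

struct Result {
    bool parsed;
    size_t entries;
    size_t nullEntries;
    size_t bytesWritten;
    std::string data;
};

// Runs the hardened writer over a constructed file: a valid strip entry plus
// one whose offset points far past the end of the buffer.
Result runConstructedSample() {
    const std::vector<uint8_t> buf = {
        'I', 'I', 42, 0, 8, 0, 0, 0,                          // header: "II", magic 42, IFD at 8
        2, 0,                                                 // two entries
        0x11, 0x01, 1, 0, 4, 0, 0, 0, 38, 0, 0, 0,            // tag 0x0111, BYTE, 4 bytes at 38 (valid)
        0x11, 0x01, 1, 0, 4, 0, 0, 0, 0xF0, 0xFF, 0xFF, 0xFF, // same tag, offset beyond EOF
        0, 0, 0, 0,                                           // next IFD: none
        'A', 'B', 'C', 'D'                                    // strip data for the first entry
    };
    Result r{};
    std::vector<TiffEntry> entries;
    r.parsed = parseIfd(buf, rd32(&buf[4]), entries);
    std::ostringstream os;
    for (const TiffEntry& t : entries) {
        if (t.pValue == nullptr) ++r.nullEntries;
        r.bytesWritten += writeImageEntry(os, t);
    }
    r.entries = entries.size();
    r.data = os.str();
    return r;
}

int main() {
    Result r = runConstructedSample();
    std::cout << "parsed=" << r.parsed << " entries=" << r.entries
              << " null=" << r.nullEntries << " written=" << r.bytesWritten
              << " data=" << r.data << '\n';
    return r.nullEntries == 0 ? 0 : 1;   // non-zero exit flags a damaged file
}
```

The point the model makes is that the bounds check in the parser and the null check in the writer are separate defences: the parser decides what to do with a bad offset (here it keeps the entry with a null value, as the report says the real code does), and the writer must then cope with that state rather than assume every entry it is handed carries data.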