[Pkg-kde-extras] Bug#863410: exiv2: CVE-2017-9239

Salvatore Bonaccorso carnil at debian.org
Fri May 26 14:00:21 UTC 2017


Source: exiv2
Version: 0.24-4.1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for exiv2.

CVE-2017-9239[0]:
| An issue was discovered in Exiv2 0.26. When the data structure of the
| structure ifd is incorrect, the program assigns pValue_ to 0x0, and the
| value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the
| value of pValue() to cause a segmentation fault. To exploit this
| vulnerability, someone must open a crafted tiff file.

"Demonstrable" with convert-test, in unstable, but I think the very
same issue should be in 0.24 as well, since the code path should be
the same (but please confirm):

Program terminated with signal SIGSEGV, Segmentation fault.
#0  Exiv2::Internal::TiffImageEntry::doWriteImage (this=0x55fbc5220620, ioWrapper=...)
    at tiffcomposite.cpp:1610
1610        } // TiffIfdMakernote::doWriteImage
(gdb) bt
#0  Exiv2::Internal::TiffImageEntry::doWriteImage (this=0x55fbc5220620, ioWrapper=...)
    at tiffcomposite.cpp:1610
#1  0x00007f609169cb6d in Exiv2::Internal::TiffComponent::writeImage (
    byteOrder=Exiv2::littleEndian, ioWrapper=..., this=<optimized out>) at tiffcomposite.cpp:1555
#2  Exiv2::Internal::TiffDirectory::doWriteImage (this=0x55fbc521fc20, ioWrapper=..., 
    byteOrder=Exiv2::littleEndian) at tiffcomposite.cpp:1570
#3  0x00007f60916a4f31 in Exiv2::Internal::TiffComponent::writeImage (
    byteOrder=Exiv2::littleEndian, ioWrapper=..., this=0x55fbc521fc20) at tiffcomposite.cpp:1555
#4  Exiv2::Internal::TiffDirectory::doWrite (this=<optimized out>, ioWrapper=..., 
    byteOrder=Exiv2::littleEndian, offset=8, valueIdx=<optimized out>, dataIdx=3142, 
    imageIdx=@0x7ffe1b26439c: 3240) at tiffcomposite.cpp:1200
#5  0x00007f60916ab41b in Exiv2::Internal::TiffParserWorker::encode (io=..., 
    pData=pData@entry=0x7f6091c25000 <error: Cannot access memory at address 0x7f6091c25000>, 
    size=size@entry=459, exifData=..., iptcData=..., xmpData=..., root=131072, 
    findEncoderFct=<optimized out>, pHeader=<optimized out>, pOffsetWriter=0x0)
    at tiffimage.cpp:2176
#6  0x00007f60916ac29c in Exiv2::TiffParser::encode (io=..., 
    pData=pData@entry=0x7f6091c25000 <error: Cannot access memory at address 0x7f6091c25000>, 
    size=size@entry=459, byteOrder=byteOrder@entry=Exiv2::littleEndian, exifData=..., 
    iptcData=..., xmpData=...) at tiffimage.cpp:276
#7  0x00007f60916ac3f3 in Exiv2::TiffImage::writeMetadata (this=0x55fbc521c640)
    at tiffimage.cpp:219
#8  0x000055fbc4746121 in main (argc=<optimized out>, argv=<optimized out>)
    at convert-test.cpp:30
(gdb)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9239
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9239

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
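As an added illustration (not from the bug report and not exiv2's own code), here is a simplified C++ model of the failure the CVE text describes: the unchecked writer dereferences a value pointer that a malformed IFD left null, while the hardened variant reports the missing value instead of crashing. All types and function names below are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical, simplified model of the crash path; this is not exiv2 code.
// An image-data entry carries a pointer to its value. If the IFD that should
// have filled it was malformed, the pointer stays null, the state the CVE text
// describes for pValue_.
struct Value {
    std::vector<uint8_t> bytes;
};

struct ImageEntry {
    const Value* pValue_ = nullptr;          // null when the IFD was incomplete
    const Value* pValue() const { return pValue_; }
};

enum class WriteStatus { Ok, MissingValue };

// Unchecked writer: mirrors the faulting pattern. Dereferencing pValue() while
// it is null is a NULL-pointer read, i.e. the SIGSEGV seen in the backtrace.
size_t writeImageUnchecked(const ImageEntry& e, std::vector<uint8_t>& out) {
    const Value& v = *e.pValue();            // crashes if pValue_ == nullptr
    out.insert(out.end(), v.bytes.begin(), v.bytes.end());
    return v.bytes.size();
}

// Hardened writer: a missing value is a reportable condition, not a dereference.
// `written` receives the byte count so the caller can still account for sizes.
WriteStatus writeImageChecked(const ImageEntry& e, std::vector<uint8_t>& out,
                              size_t& written) {
    written = 0;
    const Value* v = e.pValue();
    if (v == nullptr) {
        return WriteStatus::MissingValue;    // malformed IFD: skip, do not crash
    }
    out.insert(out.end(), v->bytes.begin(), v->bytes.end());
    written = v->bytes.size();
    return WriteStatus::Ok;
}

// Constructed inputs: one entry populated normally, one left exactly as a
// malformed parse would leave it (pValue_ still null).
inline ImageEntry makePopulatedEntry(const Value& v) {
    ImageEntry e;
    e.pValue_ = &v;
    return e;
}
inline ImageEntry makeMalformedEntry() { return ImageEntry{}; }
```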


