Bug#401660: Image with corrupted metadata crashes Exiv2
Steve Langasek
vorlon at debian.org
Tue Jan 9 13:13:50 CET 2007
tags 401660 patch
thanks

Given this bug's apparent RC status, we still need a fix for exiv2 0.10 for
etch.

I believe I've isolated the relevant fix for this bug based on the upstream
0.12 changelog. Gregor, could you check whether the attached patch, applied
to exiv2 0.10, fixes the crash for you? If not, could you please forward an
example jpeg that triggers the crash?

At this point, I'm inclined to say that the main reason for treating this
bug as RC is that crashes on invalid input are often exploitable.
Ungraceful handling of invalid files doesn't itself make a package unusable,
so if this bug were known to not be exploitable, I would be inclined to
downgrade it.

Thanks,
--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                http://www.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exiv2-401660.diff
Type: text/x-diff
Size: 1397 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20070109/8a7a32b3/exiv2-401660-0001.bin