libexif: CVE-2009-3895: heap buffer overflow when processing certain images

Debian Bug report logs - #557137
libexif: CVE-2009-3895: heap buffer overflow when processing certain images

Toggle useless messages

Message #3 received at submit@bugs.debian.org (full text, mbox, reply):

From: Raphael Geissert <geissert@debian.org>

To: submit@bugs.debian.org

Subject: libexif: CVE-2009-3895: heap buffer overflow when processing certain images

Date: Thu, 19 Nov 2009 14:16:36 -0600

Package: libexif12
Version: 0.6.18-1
Severity: serious
Tags: security

Hi,

the following CVE (Common Vulnerabilities & Exposures) id was
published for libexif.

Vulnerability description[0]:
> A flaw in libexif was discovered that causes a heap buffer to overflow
> when certain invalid EXIF images are processed. The flaw occurs in the
> tag fixup routine which attempts to convert in place an array of 8-bit
> integers into 16-bit integers. This fixup is performed by default after
> reading an image and until version 0.6.18 there was no easy way to disable
> it, so it is likely that nearly all applications using libexif to read
> images are vulnerable.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://article.gmane.org/gmane.comp.graphics.libexif.devel/806
    http://security-tracker.debian.org/tracker/CVE-2009-3895

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Message #10 received at 557137@bugs.debian.org (full text, mbox, reply):

From: Emmanuel Bouthenot <kolter@openics.org>

To: Raphael Geissert <geissert@debian.org>, 557137@bugs.debian.org

Cc: control@bugs.debian.org, pkg-phototools-devel@lists.alioth.debian.org

Subject: Re: [Pkg-phototools-devel] Bug#557137: libexif: CVE-2009-3895: heap buffer overflow when processing certain images

Date: Thu, 19 Nov 2009 23:03:29 +0100

tags 557137 + pending
thanks

Hi Raphael,

> the following CVE (Common Vulnerabilities & Exposures) id was
> published for libexif.
I will upload libexif and exif 0.6.19 soon.


Regards,

-- 
Emmanuel Bouthenot
 mail : kolter@openics.org
  gpg : 0x414EC36E
 xmpp : kolter@im.openics.org
  irc : kolter@(freenode|oftc)

Message #15 received at 557137-close@bugs.debian.org (full text, mbox, reply):

From: Emmanuel Bouthenot <kolter@openics.org>

To: 557137-close@bugs.debian.org

Subject: Bug#557137: fixed in libexif 0.6.19-1

Date: Thu, 19 Nov 2009 23:03:29 +0000

Source: libexif
Source-Version: 0.6.19-1

We believe that the bug you reported is fixed in the latest version of
libexif, which is due to be installed in the Debian FTP archive:

libexif-dev_0.6.19-1_amd64.deb
  to main/libe/libexif/libexif-dev_0.6.19-1_amd64.deb
libexif12_0.6.19-1_amd64.deb
  to main/libe/libexif/libexif12_0.6.19-1_amd64.deb
libexif_0.6.19-1.diff.gz
  to main/libe/libexif/libexif_0.6.19-1.diff.gz
libexif_0.6.19-1.dsc
  to main/libe/libexif/libexif_0.6.19-1.dsc
libexif_0.6.19.orig.tar.gz
  to main/libe/libexif/libexif_0.6.19.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 557137@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bouthenot <kolter@openics.org> (supplier of updated libexif package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 19 Nov 2009 22:38:27 +0000
Source: libexif
Binary: libexif-dev libexif12
Architecture: source amd64
Version: 0.6.19-1
Distribution: unstable
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Emmanuel Bouthenot <kolter@openics.org>
Description: 
 libexif-dev - library to parse EXIF files (development files)
 libexif12  - library to parse EXIF files
Closes: 557137
Changes: 
 libexif (0.6.19-1) unstable; urgency=high
 .
   * New upstream release
     - fix CVE-2009-3895: heap buffer overflow during tag format conversion
       (Closes: #557137)
Checksums-Sha1: 
 bcec3517ed596467c40b352b6960d97b14f13d93 1348 libexif_0.6.19-1.dsc
 ce669ea945beb9cd636f0dd8f723d006138aa13c 1699222 libexif_0.6.19.orig.tar.gz
 2fdab86139edbf4031a67982409ce73d92f11911 5392 libexif_0.6.19-1.diff.gz
 e0957828f6ef24222ae100c43cd482503182cf42 374436 libexif-dev_0.6.19-1_amd64.deb
 4608b8d75f32719d82f309e3f13cad90739e7c26 505088 libexif12_0.6.19-1_amd64.deb
Checksums-Sha256: 
 ed3ba20379680dfcd8e6c466c0afdd5b9aea399183b76ba24a959d5283cca88d 1348 libexif_0.6.19-1.dsc
 b2d8a609f2900d94e6ed874197936cc45f3a84bc498382d56b389108abc9b228 1699222 libexif_0.6.19.orig.tar.gz
 91d3cb5e4ed61f69fa1d3111851b0bbdec7fc506d2b9268649edccaab8136872 5392 libexif_0.6.19-1.diff.gz
 1abd6b1369dbdf63e7296f954959fba568369400197aa1022ab9f23feba12a94 374436 libexif-dev_0.6.19-1_amd64.deb
 59fe2f36b8b64de42a287924ff97aeb8bdc1c136a631dbf226df9bc58925100c 505088 libexif12_0.6.19-1_amd64.deb
Files: 
 66f97c5adb9641396ae90eba5d577024 1348 libs optional libexif_0.6.19-1.dsc
 986741d9e5e0cbf9642eb2893c885e8a 1699222 libs optional libexif_0.6.19.orig.tar.gz
 2a1397503f99afd0e3c3b5150f770889 5392 libs optional libexif_0.6.19-1.diff.gz
 ba1057791fd9ce55d73043a74f0816d7 374436 libdevel optional libexif-dev_0.6.19-1_amd64.deb
 ca986f66d001a54c7fcfe5654dfc73c2 505088 libs optional libexif12_0.6.19-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksFy3YACgkQpHXqGUFOw25Y0QCbB/WUSFTy7iFirPEjgYZkcVJ6
p88AnikFa5wOESw1euR+8dHLg37lbSNp
=AIWI
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.