exiv2: CVE-2017-9239

Related Vulnerabilities: CVE-2017-9239  

Debian Bug report logs - #863410

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 26 May 2017 14:03:02 UTC

Severity: important

Tags: security, upstream

Found in version exiv2/0.24-4.1

Fixed in version exiv2/0.25-3.1

Done: Moritz Muehlenhoff <jmm@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://dev.exiv2.org/issues/1296



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>:
Bug#863410; Package src:exiv2. (Fri, 26 May 2017 14:03:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>. (Fri, 26 May 2017 14:03:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: exiv2: CVE-2017-9239
Date: Fri, 26 May 2017 16:00:21 +0200
Source: exiv2
Version: 0.24-4.1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for exiv2.

CVE-2017-9239[0]:
| An issue was discovered in Exiv2 0.26. When the data structure of the
| structure ifd is incorrect, the program assigns pValue_ to 0x0, and the
| value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the
| value of pValue() to cause a segmentation fault. To exploit this
| vulnerability, someone must open a crafted tiff file.

"Demonstrable" with convert-test, in unstable, but I think the very
same issue should be in 0.24 as well, since the code path should be
the same (but please confirm):

Program terminated with signal SIGSEGV, Segmentation fault.
#0  Exiv2::Internal::TiffImageEntry::doWriteImage (this=0x55fbc5220620, ioWrapper=...)
    at tiffcomposite.cpp:1610
1610        } // TiffIfdMakernote::doWriteImage
(gdb) bt
#0  Exiv2::Internal::TiffImageEntry::doWriteImage (this=0x55fbc5220620, ioWrapper=...)
    at tiffcomposite.cpp:1610
#1  0x00007f609169cb6d in Exiv2::Internal::TiffComponent::writeImage (
    byteOrder=Exiv2::littleEndian, ioWrapper=..., this=<optimized out>) at tiffcomposite.cpp:1555
#2  Exiv2::Internal::TiffDirectory::doWriteImage (this=0x55fbc521fc20, ioWrapper=..., 
    byteOrder=Exiv2::littleEndian) at tiffcomposite.cpp:1570
#3  0x00007f60916a4f31 in Exiv2::Internal::TiffComponent::writeImage (
    byteOrder=Exiv2::littleEndian, ioWrapper=..., this=0x55fbc521fc20) at tiffcomposite.cpp:1555
#4  Exiv2::Internal::TiffDirectory::doWrite (this=<optimized out>, ioWrapper=..., 
    byteOrder=Exiv2::littleEndian, offset=8, valueIdx=<optimized out>, dataIdx=3142, 
    imageIdx=@0x7ffe1b26439c: 3240) at tiffcomposite.cpp:1200
#5  0x00007f60916ab41b in Exiv2::Internal::TiffParserWorker::encode (io=..., 
    pData=pData@entry=0x7f6091c25000 <error: Cannot access memory at address 0x7f6091c25000>, 
    size=size@entry=459, exifData=..., iptcData=..., xmpData=..., root=131072, 
    findEncoderFct=<optimized out>, pHeader=<optimized out>, pOffsetWriter=0x0)
    at tiffimage.cpp:2176
#6  0x00007f60916ac29c in Exiv2::TiffParser::encode (io=..., 
    pData=pData@entry=0x7f6091c25000 <error: Cannot access memory at address 0x7f6091c25000>, 
    size=size@entry=459, byteOrder=byteOrder@entry=Exiv2::littleEndian, exifData=..., 
    iptcData=..., xmpData=...) at tiffimage.cpp:276
#7  0x00007f60916ac3f3 in Exiv2::TiffImage::writeMetadata (this=0x55fbc521c640)
    at tiffimage.cpp:219
#8  0x000055fbc4746121 in main (argc=<optimized out>, argv=<optimized out>)
    at convert-test.cpp:30
(gdb)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9239
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9239

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
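
A simplified C++ model of the failure described in the CVE text quoted in the report above, added here as an illustration; it is not exiv2 code and does not come from the reporter or the upstream project. The type and function names, and the bounds condition that leaves the value pointer null, are assumptions.

```cpp
// Simplified model of the CVE-2017-9239 bug class; not exiv2 source code.
// All type and function names below are hypothetical.
#include <cstddef>
#include <cstdint>
#include <memory>
#include <stdexcept>
#include <vector>

struct Value {                        // stands in for a decoded tag value
    std::vector<uint8_t> dataArea;
    std::size_t sizeDataArea() const { return dataArea.size(); }
};

struct ImageEntry {                   // stands in for a TIFF image entry
    std::unique_ptr<Value> value;     // stays null when the IFD entry is malformed
    const Value* pValue() const { return value.get(); }
};

// Reader: attaches a value only when offset and length fit inside the buffer (assumed rule).
ImageEntry readEntry(const std::vector<uint8_t>& buf, std::size_t off, std::size_t len) {
    ImageEntry e;
    if (off <= buf.size() && len <= buf.size() - off) {
        e.value.reset(new Value{std::vector<uint8_t>(buf.data() + off, buf.data() + off + len)});
    }
    return e;                         // malformed entry: pValue() == nullptr
}

// Vulnerable writer: assumes the reader always produced a value.
std::size_t writeImageUnchecked(const ImageEntry& e, std::vector<uint8_t>& out) {
    const Value* v = e.pValue();
    out.insert(out.end(), v->dataArea.begin(), v->dataArea.end()); // null dereference if v is null
    return v->sizeDataArea();
}

// Hardened writer: rejects the entry instead of dereferencing a null value.
std::size_t writeImageChecked(const ImageEntry& e, std::vector<uint8_t>& out) {
    const Value* v = e.pValue();
    if (v == nullptr) throw std::runtime_error("image entry has no value");
    out.insert(out.end(), v->dataArea.begin(), v->dataArea.end());
    return v->sizeDataArea();
}

// Returns true when the hardened writer refuses a malformed entry without writing anything.
bool rejectsMalformed() {
    std::vector<uint8_t> buf(16, 0xAB), out;   // constructed sample buffer
    ImageEntry bad = readEntry(buf, 8, 64);    // length runs past the end of the buffer
    try { writeImageChecked(bad, out); } catch (const std::runtime_error&) { return out.empty(); }
    return false;
}
```
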



Set Bug forwarded-to-address to 'http://dev.exiv2.org/issues/1295'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 26 May 2017 14:09:02 GMT)


Changed Bug forwarded-to-address to 'http://dev.exiv2.org/issues/1296' from 'http://dev.exiv2.org/issues/1295'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 29 May 2017 07:15:02 GMT)


Reply sent to Moritz Muehlenhoff <jmm@debian.org>:
You have taken responsibility. (Mon, 05 Jun 2017 21:09:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 05 Jun 2017 21:09:05 GMT)


Message #14 received at 863410-close@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: 863410-close@bugs.debian.org
Subject: Bug#863410: fixed in exiv2 0.25-3.1
Date: Mon, 05 Jun 2017 21:04:42 +0000
Source: exiv2
Source-Version: 0.25-3.1

We believe that the bug you reported is fixed in the latest version of
exiv2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863410@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <jmm@debian.org> (supplier of updated exiv2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 05 Jun 2017 22:42:20 +0200
Source: exiv2
Binary: exiv2 libexiv2-14 libexiv2-dev libexiv2-doc libexiv2-dbg
Architecture: source amd64 all
Version: 0.25-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description:
 exiv2      - EXIF/IPTC/XMP metadata manipulation tool
 libexiv2-14 - EXIF/IPTC/XMP metadata manipulation library
 libexiv2-dbg - EXIF/IPTC/XMP metadata manipulation library - debug
 libexiv2-dev - EXIF/IPTC/XMP metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC/XMP metadata manipulation library - HTML documentation
Closes: 863410
Changes:
 exiv2 (0.25-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2017-9239 (Closes: #863410)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 06 Jul 2017 07:25:15 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:01:06 2019; Machine Name: beach
