640978 – (CVE-2017-17669) <media-gfx/exiv2-0.26_p20180319: remote denial of service attack (heap-based buffer over-read)

Bug 640978 (CVE-2017-17669) - <media-gfx/exiv2-0.26_p20180319: remote denial of service attack (heap-based buffer over-read)

Summary: <media-gfx/exiv2-0.26_p20180319: remote denial of service attack (heap-based ...

Status:	RESOLVED FIXED

Alias:	CVE-2017-17669

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://github.com/Exiv2/exiv2/issues...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:	647808
Blocks:
	Show dependency tree

Reported:	2017-12-14 04:06 UTC by D'juan McDonald (domhnall)
Modified:	2018-05-29 12:44 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2017-12-14 04:06:45 UTC

CVE-2017-17669 (https://nvd.nist.gov/vuln/detail/CVE-2017-17669):

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.

See $URL for PoC details.


@maintainer(s): last clean-up was done on '19 Nov 2017' CVE details released on '12/13/2017'. After bump, please call for stabilization when ready, thank you.

Gentoo Security Padawan
(Jmbailey/mbailey_j)

Comment 1 Andreas Sturmlechner gentoo-dev

2018-02-17 00:40:23 UTC

Backport pending upstream: https://github.com/Exiv2/exiv2/pulls

Comment 2 Larry the Git Cow gentoo-dev

2018-04-25 17:53:55 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dc8557a38b42c16b34728619c94d0c89476251a

commit 1dc8557a38b42c16b34728619c94d0c89476251a
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-04-25 17:40:31 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-04-25 17:53:27 +0000

    media-gfx/exiv2: Add 0.26_p20180319 snapshot
    
    Fixing CVE-2017-17669, CVE-2017-17725, CVE-2017-18005, CVE-2018-4868
    
    Bug: https://bugs.gentoo.org/626214
    Bug: https://bugs.gentoo.org/643554
    Bug: https://bugs.gentoo.org/647808
    Bug: https://bugs.gentoo.org/640978
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 media-gfx/exiv2/Manifest                           |   1 +
 media-gfx/exiv2/exiv2-0.26_p20180319.ebuild        | 136 ++++++
 .../exiv2-0.26_p20180319-CVE-2017-18005.patch      | 484 +++++++++++++++++++++
 .../files/exiv2-0.26_p20180319-CVE-2018-4868.patch |  39 ++
 4 files changed, 660 insertions(+)}

Comment 3 Larry the Git Cow gentoo-dev

2018-05-29 12:32:07 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40c32e8333488b1965fa1de32d97a7403786ab0b

commit 40c32e8333488b1965fa1de32d97a7403786ab0b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-05-29 12:13:07 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-05-29 12:31:09 +0000

    media-gfx/exiv2: Drop 0.26_p20171104 (security cleanup)
    
    Bug: https://bugs.gentoo.org/647808
    Bug: https://bugs.gentoo.org/640978
    Bug: https://bugs.gentoo.org/643554
    Closes: https://bugs.gentoo.org/626214
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 media-gfx/exiv2/Manifest                    |   1 -
 media-gfx/exiv2/exiv2-0.26_p20171104.ebuild | 128 ----------------------------
 2 files changed, 129 deletions(-)

Comment 4 Aaron Bauman (RETIRED) gentoo-dev

2018-05-29 12:44:19 UTC

GLSA Vote: No