Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 647808 - <media-gfx/exiv2-0.26_p20180319: heap-based buffer over-read in Exiv2::getULong function in types.cpp (CVE-2017-17725)
Summary: <media-gfx/exiv2-0.26_p20180319: heap-based buffer over-read in Exiv2::getULo...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/Exiv2/exiv2/issues...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks: 626214 CVE-2017-17669 CVE-2017-18005, CVE-2018-4868
  Show dependency tree
 
Reported: 2018-02-16 00:59 UTC by GLSAMaker/CVETool Bot
Modified: 2018-05-29 13:18 UTC (History)
2 users (show)

See Also:
Package list:
media-gfx/exiv2-0.26_p20180319
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-16 00:59:03 UTC
CVE-2017-17725 (https://nvd.nist.gov/vuln/detail/CVE-2017-17725):
  In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer
  over-read in the Exiv2::getULong function in types.cpp. Remote attackers can
  exploit the vulnerability to cause a denial of service via a crafted image
  file. Note that this vulnerability is different from CVE-2017-14864, which
  is an invalid memory address dereference.
Comment 1 Andreas Sturmlechner gentoo-dev 2018-02-17 00:41:00 UTC
Backport pending upstream: https://github.com/Exiv2/exiv2/pull/232
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-03-27 02:04:28 UTC
merged upstream thanks to Andreas.
Comment 3 Larry the Git Cow gentoo-dev 2018-04-25 17:53:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dc8557a38b42c16b34728619c94d0c89476251a

commit 1dc8557a38b42c16b34728619c94d0c89476251a
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-04-25 17:40:31 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-04-25 17:53:27 +0000

    media-gfx/exiv2: Add 0.26_p20180319 snapshot
    
    Fixing CVE-2017-17669, CVE-2017-17725, CVE-2017-18005, CVE-2018-4868
    
    Bug: https://bugs.gentoo.org/626214
    Bug: https://bugs.gentoo.org/643554
    Bug: https://bugs.gentoo.org/647808
    Bug: https://bugs.gentoo.org/640978
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 media-gfx/exiv2/Manifest                           |   1 +
 media-gfx/exiv2/exiv2-0.26_p20180319.ebuild        | 136 ++++++
 .../exiv2-0.26_p20180319-CVE-2017-18005.patch      | 484 +++++++++++++++++++++
 .../files/exiv2-0.26_p20180319-CVE-2018-4868.patch |  39 ++
 4 files changed, 660 insertions(+)}
Comment 4 Andreas Sturmlechner gentoo-dev 2018-04-29 14:21:57 UTC
Arches, please stabilise.
Comment 5 Larry the Git Cow gentoo-dev 2018-04-29 19:41:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a81a58941df3666319fcd943f43b205fb3c58d9

commit 0a81a58941df3666319fcd943f43b205fb3c58d9
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-04-29 19:11:37 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-29 19:41:40 +0000

    media-gfx/exiv2: stable 0.26_p20180319 for sparc
    
    Bug: https://bugs.gentoo.org/647808
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 media-gfx/exiv2/exiv2-0.26_p20180319.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}
Comment 6 Agostino Sarubbo gentoo-dev 2018-04-30 07:51:13 UTC
amd64 stable
Comment 7 Larry the Git Cow gentoo-dev 2018-05-01 08:07:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73e1be3de9849a18e97057c9ab092f4078808dc0

commit 73e1be3de9849a18e97057c9ab092f4078808dc0
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-05-01 07:44:48 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-01 08:07:04 +0000

    media-gfx/exiv2: stable 0.26_p20180319 for ia64, bug #647808
    
    Bug: https://bugs.gentoo.org/647808
    Package-Manager: Portage-2.3.31, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 media-gfx/exiv2/exiv2-0.26_p20180319.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2018-05-02 16:33:45 UTC
x86 stable
Comment 9 Larry the Git Cow gentoo-dev 2018-05-11 22:56:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06fbdeb1f6f84e8a375a850426038ff227a9b280

commit 06fbdeb1f6f84e8a375a850426038ff227a9b280
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-05-11 22:56:24 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-11 22:56:24 +0000

    media-gfx/exiv2: stable 0.26_p20180319 for ppc, bug #647808
    
    Bug: https://bugs.gentoo.org/647808
    Package-Manager: Portage-2.3.36, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"

 media-gfx/exiv2/exiv2-0.26_p20180319.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 10 Tobias Klausmann (RETIRED) gentoo-dev 2018-05-14 12:39:41 UTC
Stable on alpha.
Comment 11 Markus Meier gentoo-dev 2018-05-29 04:41:10 UTC
arm stable
Comment 12 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-05-29 09:12:21 UTC
ppc64 stable, hppa is not supported, please, cleanup.
Comment 13 Larry the Git Cow gentoo-dev 2018-05-29 12:32:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40c32e8333488b1965fa1de32d97a7403786ab0b

commit 40c32e8333488b1965fa1de32d97a7403786ab0b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-05-29 12:13:07 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-05-29 12:31:09 +0000

    media-gfx/exiv2: Drop 0.26_p20171104 (security cleanup)
    
    Bug: https://bugs.gentoo.org/647808
    Bug: https://bugs.gentoo.org/640978
    Bug: https://bugs.gentoo.org/643554
    Closes: https://bugs.gentoo.org/626214
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 media-gfx/exiv2/Manifest                    |   1 -
 media-gfx/exiv2/exiv2-0.26_p20171104.ebuild | 128 ----------------------------
 2 files changed, 129 deletions(-)