Infinite recursion in exif_data_load_data_content. This function can get into an infinite recursion.
Jeremy please advise.
I suppose it could be manipulated to cause apache to crash if one of its modules does image processing. I know php does this, but I don't believe it links with libexif. Still, the possibility is there for remote DoS for a service that DOES allow image processing of uploaded images with libexif. I'm testing the patch now. Affected versions are <0.6.12-r4 libexif-0.5.12-r3 is going to be patched with the fix
well... that patch actually didn't fix the bug... I still got kuickshow to segfault when trying to open that jpg: Corrupt JPEG data: 59 extraneous bytes before marker 0xd9 Segmentation fault (core dumped)
Actually, kuickshow and kde's jpeg ioslave don't use this lib, so there's a problem in whatever libs kde uses for exif data (is it in libjpeg?)
Thx for the notification, we will handle the KDE issue on another bug. Let us know when an ebuild is ready for stable marking.
Arches please test and mark libexif-0.5.12-r3 stable.
Compiles without errors on ppc. Could not test, as no testing instruction has been given.
How to test this bug: <@eradicator> Pylon: get the .jpg file mentioned on the upstream bug and open it in gimp I can open it in gimp (on ppc) and get the error message: "Corrupt JPEG data: 59 extraneous bytes before marker 0xd9 EXIF data will be ignored." So, ppc-test verified.
stable on ppc64
Stable on alpha + ia64.
This one is ready for GLSA decision. Though not sure this should be rated an A or B item. Comments?
Rating B (for limited exposure). 1/2 vote NO here too...
Stable on hppa
adding my half vote against a GLSA to koon's half vote so we got one vote against a GLSA now
I vote a full NO. Feel free to reopen if you disagree.
Stable on mips.