Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 293190

Summary: <media-libs/libexif-0.6.19: Heap-based buffer overflow (CVE-2009-3895)
Product: Gentoo Security Reporter: Alex Legler (RETIRED) <a3li>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: graphics+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://article.gmane.org/gmane.comp.graphics.libexif.devel/806
Whiteboard: ~2 [noglsa]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-11-14 17:33:04 UTC 
From $URL:
PROBLEM DESCRIPTION

A flaw in libexif was discovered that causes a heap buffer to overflow
when certain invalid EXIF images are processed. The flaw occurs in the
tag fixup routine which attempts to convert in place an array of 8-bit
integers into 16-bit integers. This fixup is performed by default after
reading an image and until version 0.6.18 there was no easy way to disable
it, so it is likely that nearly all applications using libexif to read
images are vulnerable.

AFFECTED VERSIONS

Only libexif version 0.6.18 is affected by this flaw. Version 0.6.17 and
previous and 0.6.19 and later are not affected.

SOLUTION

Upgrade to version 0.6.19.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-11-14 17:34:16 UTC 
Stable is not affected.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-11-14 17:43:51 UTC 
*** Bug 293192 has been marked as a duplicate of this bug. ***
Comment 3 Markus Meier gentoo-dev 2009-11-14 20:33:36 UTC 
bumped in cvs, 0.6.18 versions removed.

*exif-0.6.19 (14 Nov 2009)

  14 Nov 2009; Markus Meier <maekke@gentoo.org> -exif-0.6.18.ebuild,
  +exif-0.6.19.ebuild:
  version bump wrt bug #293190 and bug #293194

*libexif-0.6.19 (14 Nov 2009)

  14 Nov 2009; Markus Meier <maekke@gentoo.org> -libexif-0.6.18.ebuild,
  +libexif-0.6.19.ebuild:
  version bump wrt bug #293190 and bug #293194
Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-11-14 20:34:38 UTC 
Thanks. → noglsa
Comment 5 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-11-26 08:26:30 UTC 
CVE-2009-3895 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3895):
  Heap-based buffer overflow in the exif_entry_fix function (aka the
  tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows
  remote attackers to cause a denial of service or possibly execute
  arbitrary code via an invalid EXIF image.  NOTE: some of these
  details are obtained from third party information.