Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 624638 (CVE-2017-9953)

Summary: <media-gfx/exiv2-0.26_p20171104: Segmentation fault in Image::printIFDStructure (CVE-2017-9953)
Product: Gentoo Security Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: graphics+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/Exiv2/exiv2/issues/144
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=1465061
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description Aleksandr Wagner (Kivak) 2017-07-12 07:05:56 UTC 
There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1465061
Comment 1 Andreas Sturmlechner gentoo-dev 2018-02-16 23:08:24 UTC 
Red Hat is not upstream for this.
Comment 2 Andreas Sturmlechner gentoo-dev 2018-02-16 23:16:10 UTC 
Our snapshot of 0.26 is not vulnerable to this particular bug.
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-03-27 01:54:55 UTC 
GLSA Vote: No