Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 626352 (CVE-2017-11683)

Summary: <media-gfx/exiv2-0.26_p20171018: remote denial of service attack via crafted input (CVE-2017-11683)
Product: Gentoo Security Reporter: Christopher Díaz Riveros (RETIRED) <chrisadr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: graphics+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 626132    

Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-27 10:45:22 UTC
From URL:

There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
Comment 1 Andreas Sturmlechner gentoo-dev 2017-11-05 13:22:01 UTC
Fixed in >=media-gfx/exiv2-0.26_p20171018.
Comment 2 Andreas Sturmlechner gentoo-dev 2017-11-19 15:31:54 UTC
Cleanup done in git commit cdb23e8b3608be50daebdeb5d904b179a58d8339
Comment 3 D'juan McDonald (domhnall) 2018-01-05 17:08:07 UTC
New GLSA request filed.

Gentoo Security Padawan
Comment 4 Thomas Deutschmann gentoo-dev Security 2018-01-08 00:22:49 UTC
Downgrading to B3, DoS only.

Repository is clean, all done.