Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 293190 - <media-libs/libexif-0.6.19: Heap-based buffer overflow (CVE-2009-3895)
Summary: <media-libs/libexif-0.6.19: Heap-based buffer overflow (CVE-2009-3895)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
URL: http://article.gmane.org/gmane.comp.g...
Whiteboard: ~2 [noglsa]
Keywords:
: 293192 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-11-14 17:33 UTC by Alex Legler (RETIRED)
Modified: 2009-11-26 08:26 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-11-14 17:33:04 UTC
From $URL:
PROBLEM DESCRIPTION

A flaw in libexif was discovered that causes a heap buffer to overflow
when certain invalid EXIF images are processed. The flaw occurs in the
tag fixup routine which attempts to convert in place an array of 8-bit
integers into 16-bit integers. This fixup is performed by default after
reading an image and until version 0.6.18 there was no easy way to disable
it, so it is likely that nearly all applications using libexif to read
images are vulnerable.

AFFECTED VERSIONS

Only libexif version 0.6.18 is affected by this flaw. Version 0.6.17 and
previous and 0.6.19 and later are not affected.

SOLUTION

Upgrade to version 0.6.19.
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-11-14 17:34:16 UTC
Stable is not affected.
Comment 2 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-11-14 17:43:51 UTC
*** Bug 293192 has been marked as a duplicate of this bug. ***
Comment 3 Markus Meier gentoo-dev 2009-11-14 20:33:36 UTC
bumped in cvs, 0.6.18 versions removed.

*exif-0.6.19 (14 Nov 2009)

  14 Nov 2009; Markus Meier <maekke@gentoo.org> -exif-0.6.18.ebuild,
  +exif-0.6.19.ebuild:
  version bump wrt bug #293190 and bug #293194

*libexif-0.6.19 (14 Nov 2009)

  14 Nov 2009; Markus Meier <maekke@gentoo.org> -libexif-0.6.18.ebuild,
  +libexif-0.6.19.ebuild:
  version bump wrt bug #293190 and bug #293194
Comment 4 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-11-14 20:34:38 UTC
Thanks. → noglsa
Comment 5 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-11-26 08:26:30 UTC
CVE-2009-3895 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3895):
  Heap-based buffer overflow in the exif_entry_fix function (aka the
  tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows
  remote attackers to cause a denial of service or possibly execute
  arbitrary code via an invalid EXIF image.  NOTE: some of these
  details are obtained from third party information.