Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 626352 (CVE-2017-11683) - <media-gfx/exiv2-0.26_p20171018: remote denial of service attack via crafted input (CVE-2017-11683)
Summary: <media-gfx/exiv2-0.26_p20171018: remote denial of service attack via crafted ...
Status: RESOLVED FIXED
Alias: CVE-2017-11683
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks: CVE-2017-11336, CVE-2017-11337, CVE-2017-11338, CVE-2017-11339, CVE-2017-11340
  Show dependency tree
 
Reported: 2017-07-27 10:45 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2018-01-08 00:22 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-27 10:45:22 UTC
From URL:

There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
Comment 1 Andreas Sturmlechner gentoo-dev 2017-11-05 13:22:01 UTC
Fixed in >=media-gfx/exiv2-0.26_p20171018.
Comment 2 Andreas Sturmlechner gentoo-dev 2017-11-19 15:31:54 UTC
Cleanup done in git commit cdb23e8b3608be50daebdeb5d904b179a58d8339
Comment 3 D'juan McDonald (domhnall) 2018-01-05 17:08:07 UTC
New GLSA request filed.


Gentoo Security Padawan
(Jmbailey/mbailey_j)
Comment 4 Thomas Deutschmann gentoo-dev Security 2018-01-08 00:22:49 UTC
Downgrading to B3, DoS only.

Repository is clean, all done.