Bug 621028 (CVE-2017-9239) - <media-gfx/exiv2-0.26_p20171104: Segmentation fault in TiffImageEntry::doWriteImage function (CVE-2017-9239)
Status: RESOLVED FIXED
Alias: CVE-2017-9239
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Reported: 2017-06-06 14:21 UTC by Volkan
Modified: 2018-02-21 19:39 UTC
Package list:
media-gfx/exiv2-0.26_p20171104
Runtime testing required: ---
stable-bot: sanity-check+


Description Volkan 2017-06-06 14:21:41 UTC
Bug affecting version 0.26, which is not in tree yet

An issue was discovered in Exiv2 0.26. When the data structure of the structure
ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue()
is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a
segmentation fault. To exploit this vulnerability, someone must open a crafted
tiff file.

Upstream issue:

http://dev.exiv2.org/issues/1295

References:

https://github.com/lolo-pop/poc/tree/master/Segmentation%20fault%20in%20convert-test(exiv2)
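
The failure mode described in this report, as an added example (not part of the bug report, and not exiv2's code or the upstream patch): a simplified C++ model in which a malformed entry leaves the value pointer null and the writer rejects it instead of dereferencing it. All type and function names and the 10-byte entry layout are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <stdexcept>
#include <vector>

// Simplified model, not exiv2 code: Value, Entry, parseEntry, writeImage and
// tryWrite are hypothetical names; the 10-byte entry layout is constructed.
struct Value { std::vector<uint8_t> bytes; };
struct Entry {
    uint16_t tag = 0;
    std::unique_ptr<Value> value;  // stays null when the entry is malformed
    const Value* pValue() const { return value.get(); }
};

// Little-endian read of n bytes at p; the caller has validated the range.
static uint32_t rd(const std::vector<uint8_t>& b, size_t p, int n) {
    uint32_t v = 0;
    for (int i = n - 1; i >= 0; --i) v = (v << 8) | b[p + i];
    return v;
}

// Entry layout: [tag:2][count:4][offset:4]; offset is relative to buf start.
Entry parseEntry(const std::vector<uint8_t>& buf, size_t pos) {
    Entry e;
    if (buf.size() < 10 || pos > buf.size() - 10) return e;
    e.tag = static_cast<uint16_t>(rd(buf, pos, 2));
    const uint32_t count = rd(buf, pos + 2, 4), off = rd(buf, pos + 6, 4);
    // Data range outside the file: no value is created, pValue() is null.
    if (off > buf.size() || count > buf.size() - off) return e;
    e.value = std::make_unique<Value>();
    e.value->bytes.assign(buf.begin() + off, buf.begin() + off + count);
    return e;
}

// Unchecked form (the crash pattern): `e.pValue()->bytes` with no null test.
// Checked form: reject the entry before touching the value.
size_t writeImage(const Entry& e, std::vector<uint8_t>& out) {
    const Value* v = e.pValue();
    if (v == nullptr) throw std::runtime_error("image entry has no value");
    out.insert(out.end(), v->bytes.begin(), v->bytes.end());
    return v->bytes.size();
}

// Returns the number of bytes written, or -1 if the entry was rejected.
long tryWrite(const std::vector<uint8_t>& buf) {
    std::vector<uint8_t> out;
    try { return static_cast<long>(writeImage(parseEntry(buf, 0), out)); }
    catch (const std::runtime_error&) { return -1; }
}
```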
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2017-06-06 14:43:56 UTC
CVE-2017-9239 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9239):
  An issue was discovered in Exiv2 0.26. When the data structure of the
  structure ifd is incorrect, the program assigns pValue_ to 0x0, and the
  value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of
  pValue() to cause a segmentation fault. To exploit this vulnerability,
  someone must open a crafted tiff file.
Comment 2 Thomas Deutschmann gentoo-dev Security 2017-06-06 14:45:28 UTC
Our version in repository _is_ affected.

Upstream patch: https://github.com/Exiv2/exiv2/commit/2f8681e120d277e418941c4361c83b5028f67fd8
Comment 3 Andreas Sturmlechner gentoo-dev 2017-06-06 22:12:50 UTC
Working on it, but build system needs battering into shape once more...
Comment 4 Andreas Sturmlechner gentoo-dev 2017-06-07 06:14:50 UTC
exiv2-0.26 is now in tree, masked, with CVE-2017-9239 addressed, git commit 30f7dfcd4f9710d6f01ec079cb9ed71424347e5b
Comment 5 Andreas Sturmlechner gentoo-dev 2017-06-17 20:56:49 UTC
media-gfx/exiv2-0.26 is unmasked in tree since June 7th, bug 621242 was just fixed. Feel free to stabilise as you see fit.
Comment 6 Stabilization helper bot gentoo-dev 2017-11-05 15:00:42 UTC
An automated check of this bug failed - the following atom is unknown:

media-gfx/exiv2-0.26_p20171018

Please verify the atom list.
Comment 7 Stabilization helper bot gentoo-dev 2017-11-05 16:00:57 UTC
An automated check of this bug succeeded - the previous repoman errors are now resolved.
Comment 8 Thomas Deutschmann gentoo-dev Security 2017-11-05 21:29:44 UTC
x86 stable
Comment 9 Sergei Trofimovich gentoo-dev 2017-11-06 08:02:12 UTC
ia64 stable
Comment 10 Manuel Rüger (RETIRED) gentoo-dev 2017-11-06 11:53:47 UTC
amd64 stable
Comment 11 Tobias Klausmann gentoo-dev 2017-11-08 12:53:49 UTC
Stable on alpha.
Comment 12 Sergei Trofimovich gentoo-dev 2017-11-12 10:27:56 UTC
ppc64 stable
Comment 13 Sergei Trofimovich gentoo-dev 2017-11-13 22:39:11 UTC
ppc stable
Comment 14 Sergei Trofimovich gentoo-dev 2017-11-19 12:21:05 UTC
hppa stable
Comment 15 Markus Meier gentoo-dev 2017-11-19 15:08:08 UTC
arm stable, all arches done.
Comment 16 Larry the Git Cow gentoo-dev 2017-11-19 15:23:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cdb23e8b3608be50daebdeb5d904b179a58d8339

commit cdb23e8b3608be50daebdeb5d904b179a58d8339
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2017-11-19 15:23:00 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2017-11-19 15:23:34 +0000

    media-gfx/exiv2: Security cleanup
    
    Bug: https://bugs.gentoo.org/621028
    Package-Manager: Portage-2.3.14, Repoman-2.3.6

 media-gfx/exiv2/Manifest                           |   1 -
 media-gfx/exiv2/exiv2-0.25-r2.ebuild               | 127 ---------------------
 media-gfx/exiv2/files/exiv2-0.25-fix-docs.patch    |  71 ------------
 .../exiv2/files/exiv2-0.25-fix-install-dirs.patch  |  64 -----------
 .../exiv2/files/exiv2-0.25-fix-without-zlib.patch  |  22 ----
 .../files/exiv2-0.25-fvisibility-hidden.patch      |  19 ---
 .../exiv2/files/exiv2-0.25-hide-symbols.patch      |  97 ----------------
 .../exiv2/files/exiv2-0.25-tools-optional.patch    |  27 -----
 8 files changed, 428 deletions(-)
Comment 17 Andreas Sturmlechner gentoo-dev 2017-11-19 15:37:04 UTC
Cleanup done in git commit cdb23e8b3608be50daebdeb5d904b179a58d8339
Comment 18 Sergei Trofimovich gentoo-dev 2018-02-21 19:39:13 UTC
commit 319d04a82b6c0c436aa3deee70ea8052ab1a6ba2
Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Wed Feb 21 08:55:37 2018 +0100

    media-gfx/exiv2: stable 0.26_p20171104 for sparc, bug #621028