An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Upstream Reference: https://github.com/Exiv2/exiv2/issues/712
An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Upstream Reference: https://github.com/Exiv2/exiv2/issues/711
Gentoo Security Padawan
With media-gfx/exiv2-0.27.0-r2 we are not affected:
$ exiv2 -b -u -k -p R pr
exiv2: Action not available in Release mode: 'R'
Cleanup currently depends on darktable-2.6.0 stabilisation.
@maintainers, please drop the vulnerable
(In reply to Michael Palimaka (kensington) from comment #3)
> Cleanup done.
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.