Package: metacam
Version: 1.2-6
Severity: important
Tags: security

metacam crashes when using the following example input file fuzzed with AFL <http://lcamtuf.coredump.cx/afl/>.

727e57e1d8f6a88bdefee47198ff8ab94fe2e1dc  afl-metacam-sample-002.jpg

Starting program: metacam afl-metacam-sample-002.jpg
File: afl-metacam-sample-002.jpg
Standard Fields -----------------------------------
Make: EASTMAN KODAK COMPANY
Model: KODAK CX4200 DIGITAL CAMERA
Software Version: Ver�on 1.0100
X Resolution: 230 Pixels/Inch
Y Resolution: 230 Pixels/Inch
Bits Per Sample: (1)
YCbCr Positioning: Datum Point
WARNING: Unknown field type 65535
WARNING: Unknown field type 65535
WARNING: Unknown field type 37
WARNING: Unknown field type 136
WARNING: Unknown field type 144
WARNING: Unknown field type 12432
WARNING: Unknown field type 5264
WARNING: Unknown field type 10385
WARNING: Unknown field type 145
WARNING: Unknown field type 19602
WARNING: Unknown field type 21650
WARNING: Unknown field type 23698
WARNING: Unknown field type 25746
WARNING: Unknown field type 27794
WARNING: Unknown field type 146
WARNING: Unknown field type 146
WARNING: Unknown field type 29842
WARNING: Unknown field type 25
EXIF Fields ---------------------------------------
Exposure Time: 35882743/38096943 Sec.
Aperture: f59.3514
Exif Image Width: 1705168 pixels
Exif Image Height: 1632 pixels
Exposure Mode: Auto Exposure
White Balance: Auto White Balance
Sensing Method: Single Chip Color Area Sensor
ColorSpace: sRGB

Program received signal SIGSEGV, Segmentation fault.
getRATIONAL (this=<optimized out>) at dpyfuncs.cc:938
938	}
(gdb) bt
#0  getRATIONAL (this=<optimized out>) at dpyfuncs.cc:938
#1  dpyRationalAsDouble (ctx=..., name=<optimized out>, e=..., units=0x0) at dpyfuncs.cc:346
#2  0x000000000040ebe3 in displayTags (driver=driver@entry=0x661010, header=header@entry=0x45820d "EXIF Fields", tag_map=..., known=<optimized out>, verbose=0) at metacam.cc:86
#3  0x000000000040742f in processFile (is=..., fname=<optimized out>, driver=0x661010) at metacam.cc:296
#4  main (argc=<optimized out>, argv=<optimized out>) at metacam.cc:359
#5  0x00007ffff72d1ead in __libc_start_main (main=<optimized out>, argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe4b8) at libc-start.c:244
#6  0x000000000040c271 in _start ()
(gdb) list
933	17 42 33 43 06 - ?? only on D ??
934	00 00 00 00 00 02 02 - ?? don't know ?? constant
935
936	*/
937
938	}

--
Henri Salo