-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package: exifprobe Version: 2.0.1-3 Severity: important Tags: security
Following attached sample file hangs exifprobe and uses all CPU from one core. Sample file is fuzzed with american fuzzy lop <http://lcamtuf.coredump.cx/afl/>. 00000000 ff d8 ff e0 00 10 4a 46 49 46 4a 46 49 46 00 01 |......JFIFJFIF..| 00000010 00 01 00 00 ff ec 00 43 |.......C| 00000018 Starting program: exifprobe-2.0.1/exifprobe -c sample2.jpg File Name = sample2.jpg File Type = JPEG File Size = 24 @000000000=0 : <JPEG_SOI> @0x0000002=2 : <JPEG_APP0> 0xffe0 length 16, - (not dumped: use -A) @0x0000013=19 : </JPEG_APP0> @0x0000014=20 : <JPEG_APP12> 0xffec length 67, FAILED to read character at offset 24 (EOF) - -- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJU84XpAAoJECet96ROqnV0MLsP/i08u5Ht82ElZlg9n0TdF23x 1G9Muhz93Pa78dxvE9FVh7mjFr9Qsp3WwXlEAXrK8uM+aVECZYDHe5RXDn5nGcGp h2Z1bLXOZATJ7bPbJJ6WFCvKuh6NgAx/+E/sSY3CGe3yJl6CsBsV8a/DlqCuEUen UibQuML64Yz0W6Q0AHnWmopsuqNZ49Sml6CBjSDPLqYeNQIVFCqwlucn3h8ENuox L7ZdXh0xhaYqcKzaj550IbgbqBg1SiNbJqeEN0/HeHLPwA4Fk/U0zHSjPTvcrjLG nTpLa+e9WBDw9BJOlFQj4U4/mz26HDc2iTaJ/sNmwDQZ5hJsvtjxADI6Jdp+LWc0 Ti9P/4gKrKuA2DEYfTGzL7lX8YQQ6HiVP3zWnJB64isGCP5dgcl5jL27QhmUyaeF jtuP/ND+X0kBHjpkcv/hJArfk2+XfQKe8lcIGeJRX3DhwMD1oc5lq5g+2RoJHvZa aJGxeZGWc6d3ObkpPbHqUX5NxqqsSVttMjETMfcBLAe7xq2n1PhyZZH1vU2aqdiQ K89aW+HdKhJvvmixZ6DQzID9I9JdGn0/OWtKkBHQoazgGjOv0BgccDGX/fRYa9y0 4iHl0WLGeDk1B8dW2CzD13sqDAym/cDAyDUthLt5LpNOtrL3Cv/ykjyjC2b5UInS klUsjJiVX6eqtMnindFu =fiJn -----END PGP SIGNATURE----- _______________________________________________ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel