Package: metacam
Version: 1.2-6
Severity: important
Tags: security

metacam crashes when using the following example input file fuzzed with AFL <http://lcamtuf.coredump.cx/afl/>.

5d4c287cf40b73d2a5aac8b4a7367564ce823937  afl-metacam-sample-001.jpg

Starting program: metacam afl-metacam-sample-001.jpg
File: afl-metacam-sample-001.jpg
WARNING: Unknown field type 0
WARNING: Unknown field type 0
Standard Fields -----------------------------------

Program received signal SIGSEGV, Segmentation fault.
tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
40        if ((num == 0) || (den == 0)) return *this;
(gdb) bt
#0  tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
#1  0x0000000000421bf7 in dpyResolution (ctx=..., name=0x4584f7 "X Resolution", e=...) at dpyfuncs.cc:194
#2  0x000000000040ebe3 in displayTags (driver=driver@entry=0x661010, header=header@entry=0x4581e5 "Standard Fields", tag_map=..., known=<optimized out>, verbose=0) at metacam.cc:86
#3  0x00000000004060bc in processFile (is=..., fname=<optimized out>, driver=0x661010) at metacam.cc:255
#4  main (argc=<optimized out>, argv=<optimized out>) at metacam.cc:359
#5  0x00007ffff72d1ead in __libc_start_main (main=<optimized out>, argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe4e8) at libc-start.c:244
#6  0x000000000040c271 in _start ()
(gdb) list
35
36
37      tiffRATIONAL
38      tiffRATIONAL::normalize() const
39      {
40        if ((num == 0) || (den == 0)) return *this;
41        unsigned long d = Euclid(num, den);
42        return tiffRATIONAL(num/d, den/d);
43      }
44

--
Henri Salo
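
Added example, not part of the original report and not metacam's own code: a minimal model of the crash in the backtrace above (normalize() reached with this=0x0 from a display routine) together with a guarded caller. Rational, Entry and show_resolution are hypothetical names, and the idea that an entry with an unrecognised field type carries no decoded value is an assumption made for illustration.

```cpp
#include <cstdio>
#include <string>

// Simplified stand-in for tiffRATIONAL; normalize() follows the gdb listing above.
struct Rational {
    unsigned long num, den;
    static unsigned long gcd(unsigned long a, unsigned long b) {
        while (b) { unsigned long t = a % b; a = b; b = t; }
        return a;
    }
    Rational normalize() const {
        // Reads num/den through `this`: a null object pointer faults right here.
        if ((num == 0) || (den == 0)) return *this;
        unsigned long d = gcd(num, den);
        return Rational{num / d, den / d};
    }
};

// Hypothetical IFD entry. Assumption: when the parser does not recognise the
// field type (the fuzzed file reports type 0), no value is decoded.
struct Entry {
    unsigned type;           // TIFF field type, 5 = RATIONAL
    const Rational *value;   // nullptr when nothing was decoded
};

// Guarded display routine: validate the entry before dereferencing it,
// and reject a zero denominator instead of printing it as a resolution.
std::string show_resolution(const Entry &e) {
    if (e.type != 5 || e.value == nullptr)
        return "(invalid)";
    Rational r = e.value->normalize();
    if (r.den == 0)
        return "(invalid)";
    return std::to_string(r.num) + "/" + std::to_string(r.den);
}

int main() {
    Rational dpi{300, 2};            // constructed sample values
    Entry good{5, &dpi};
    Entry fuzzed{0, nullptr};        // models the "Unknown field type 0" entry
    std::printf("good:   %s\n", show_resolution(good).c_str());
    std::printf("fuzzed: %s\n", show_resolution(fuzzed).c_str());
    return 0;
}
```

Without the check in show_resolution, the fuzzed entry reaches normalize() through a null pointer, which matches frame #0 of the backtrace.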
_______________________________________________
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel