Bug#863410: marked as done (exiv2: CVE-2017-9239)

Debian Bug Tracking System Mon, 05 Jun 2017 14:10:07 -0700

Your message dated Mon, 05 Jun 2017 21:04:42 +0000
with message-id <[email protected]>
and subject line Bug#863410: fixed in exiv2 0.25-3.1
has caused the Debian Bug report #863410,
regarding exiv2: CVE-2017-9239
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
863410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863410
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: exiv2
Version: 0.24-4.1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for exiv2.

CVE-2017-9239[0]:
| An issue was discovered in Exiv2 0.26. When the data structure of the
| structure ifd is incorrect, the program assigns pValue_ to 0x0, and the
| value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the
| value of pValue() to cause a segmentation fault. To exploit this
| vulnerability, someone must open a crafted tiff file.

"Demostrable" with convert-test, in unstable, but I think the very
same issue should be in 0.24 as well, since the code path should be
the same (but please confirm):

Program terminated with signal SIGSEGV, Segmentation fault.
#0  Exiv2::Internal::TiffImageEntry::doWriteImage (this=0x55fbc5220620, 
ioWrapper=...)
    at tiffcomposite.cpp:1610
1610        } // TiffIfdMakernote::doWriteImage
(gdb) bt
#0  Exiv2::Internal::TiffImageEntry::doWriteImage (this=0x55fbc5220620, 
ioWrapper=...)
    at tiffcomposite.cpp:1610
#1  0x00007f609169cb6d in Exiv2::Internal::TiffComponent::writeImage (
    byteOrder=Exiv2::littleEndian, ioWrapper=..., this=<optimized out>) at 
tiffcomposite.cpp:1555
#2  Exiv2::Internal::TiffDirectory::doWriteImage (this=0x55fbc521fc20, 
ioWrapper=..., 
    byteOrder=Exiv2::littleEndian) at tiffcomposite.cpp:1570
#3  0x00007f60916a4f31 in Exiv2::Internal::TiffComponent::writeImage (
    byteOrder=Exiv2::littleEndian, ioWrapper=..., this=0x55fbc521fc20) at 
tiffcomposite.cpp:1555
#4  Exiv2::Internal::TiffDirectory::doWrite (this=<optimized out>, 
ioWrapper=..., 
    byteOrder=Exiv2::littleEndian, offset=8, valueIdx=<optimized out>, 
dataIdx=3142, 
    imageIdx=@0x7ffe1b26439c: 3240) at tiffcomposite.cpp:1200
#5  0x00007f60916ab41b in Exiv2::Internal::TiffParserWorker::encode (io=..., 
    pData=pData@entry=0x7f6091c25000 <error: Cannot access memory at address 
0x7f6091c25000>, 
    size=size@entry=459, exifData=..., iptcData=..., xmpData=..., root=131072, 
    findEncoderFct=<optimized out>, pHeader=<optimized out>, pOffsetWriter=0x0)
    at tiffimage.cpp:2176
#6  0x00007f60916ac29c in Exiv2::TiffParser::encode (io=..., 
    pData=pData@entry=0x7f6091c25000 <error: Cannot access memory at address 
0x7f6091c25000>, 
    size=size@entry=459, byteOrder=byteOrder@entry=Exiv2::littleEndian, 
exifData=..., 
    iptcData=..., xmpData=...) at tiffimage.cpp:276
#7  0x00007f60916ac3f3 in Exiv2::TiffImage::writeMetadata (this=0x55fbc521c640)
    at tiffimage.cpp:219
#8  0x000055fbc4746121 in main (argc=<optimized out>, argv=<optimized out>)
    at convert-test.cpp:30
(gdb)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9239
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9239

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: exiv2
Source-Version: 0.25-3.1

We believe that the bug you reported is fixed in the latest version of
exiv2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <[email protected]> (supplier of updated exiv2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 05 Jun 2017 22:42:20 +0200
Source: exiv2
Binary: exiv2 libexiv2-14 libexiv2-dev libexiv2-doc libexiv2-dbg
Architecture: source amd64 all
Version: 0.25-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team <[email protected]>
Changed-By: Moritz Muehlenhoff <[email protected]>
Description:
 exiv2      - EXIF/IPTC/XMP metadata manipulation tool
 libexiv2-14 - EXIF/IPTC/XMP metadata manipulation library
 libexiv2-dbg - EXIF/IPTC/XMP metadata manipulation library - debug
 libexiv2-dev - EXIF/IPTC/XMP metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC/XMP metadata manipulation library - HTML documentation
Closes: 863410
Changes:
 exiv2 (0.25-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2017-9239 (Closes: #863410)
Checksums-Sha1:
 849ccab9fdb77673f9b2c6316e4815476bc9f8f3 2276 exiv2_0.25-3.1.dsc
 74610e65fdee1f574151a83d5c95a010d4aa912b 20320 exiv2_0.25-3.1.debian.tar.xz
 e3b63460762b991715e16d1ce8cd2894ec3cf756 8699 exiv2_0.25-3.1_amd64.buildinfo
 b81e798b89b509cfe1c787a585b78fa7c98b0b5f 108212 exiv2_0.25-3.1_amd64.deb
 ad3860b62884f7eb932b41c673977d91212ba51c 710864 libexiv2-14_0.25-3.1_amd64.deb
 d45cec8bd486ed7efe793d1cfdc5a4ac3047acf2 6251662 
libexiv2-dbg_0.25-3.1_amd64.deb
 be5ba73a6578da320cf72789252fb4f421ca07b9 1545300 
libexiv2-dev_0.25-3.1_amd64.deb
 d0dba9023561d72903a331ba756f5408e35e935f 20235230 libexiv2-doc_0.25-3.1_all.deb
Checksums-Sha256:
 15400cca0136f2f49cf2a58861731142f05b8144c6d24f0634576fc0eaca19c1 2276 
exiv2_0.25-3.1.dsc
 f218974f4a93338cd45a2eb65507b409694a905fe0d3ff8c7d3091d91576f67c 20320 
exiv2_0.25-3.1.debian.tar.xz
 6038e93f8768ba4a7b869e65206e5626ba3105322029d259ac7386a6c874773d 8699 
exiv2_0.25-3.1_amd64.buildinfo
 3fe010cab4d4f1a77d7aa20b99eae8ee776f85979c39da25c5bbe6177eb526dc 108212 
exiv2_0.25-3.1_amd64.deb
 0fa5c8f6242b6786e7409a0f3ef46a1730c12797960780a8f9ad9f0f04864520 710864 
libexiv2-14_0.25-3.1_amd64.deb
 5a7936634e4ea4b683c064e14bd29a09c79d6bd48af9edd30818d8ffb39eae6e 6251662 
libexiv2-dbg_0.25-3.1_amd64.deb
 9480a7a2447b06403f648d5dfb8aeadc006bf9007b35cec201532110d5eeed34 1545300 
libexiv2-dev_0.25-3.1_amd64.deb
 ec7d815c0e078ac6e4a63f59f139ead41a94c34d95213030076b1cbe239c53cd 20235230 
libexiv2-doc_0.25-3.1_all.deb
Files:
 57c170b72189253529f2f9764add9a63 2276 graphics optional exiv2_0.25-3.1.dsc
 f4636f324dc3bbf33a5e4501de96b205 20320 graphics optional 
exiv2_0.25-3.1.debian.tar.xz
 e52e801916c0869d274cf00051dc55fd 8699 graphics optional 
exiv2_0.25-3.1_amd64.buildinfo
 b9e162d53c88332039c64ba5292b0fd6 108212 graphics optional 
exiv2_0.25-3.1_amd64.deb
 be62414c0c59f141b22d1cbfb5172610 710864 libs optional 
libexiv2-14_0.25-3.1_amd64.deb
 b0fbe7509bc4e695c6beedf6a98638a7 6251662 debug extra 
libexiv2-dbg_0.25-3.1_amd64.deb
 1b383279d9de4fa2210791e98463f95b 1545300 libdevel optional 
libexiv2-dev_0.25-3.1_amd64.deb
 b977ce7ab380dab114f59b5118d21f3a 20235230 doc optional 
libexiv2-doc_0.25-3.1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlk1w5YACgkQEMKTtsN8
TjYNIw/6AlQqNIYkyghWJ2jVaF33A/E+TubaPuS7IvpNQYWz99GRfmtBKwm9QdiF
ZlSjlTEY2ub6ExgqPHZOAgY1BZZY7zwdZiCqbARlbN32JjFMvItOnF6z1/lt1Qn5
pLSp4438XeFkNfs9ZjFasvMJtGlAeR0NO0DQp861rCHRSylHSI/avkzeP7AJdDS0
UjGyambm+KNwlVBlHsMUZXGEgFsYnBwk500B0CX+SmKZz2Olb8LWBX73ZGUeIYI6
S1cYU9zx1KhVqVgGofGOk/UYCQEDd0RmXtAgT2YpEc04oD2HqAmbwwpo8aPkjiyG
0A3k7jrMmjJMtfGKh7jhitd6Td56407wucUIYTT2Lm0NXrERDeyQUaTZgzoCOgUm
io+olI2Xk2uLeAhbvlg0coOfgiK5JXtX5e1Dwp+FD4bV+QogQQVlIuyghQMTJPy/
oxdcwHmG4qegg2Y3cI1roOrckS6DHKC6/CiFGdyChWkMQXbM429MgPVfHi3KkA68
jQuwdWohx8+swL4io4tCAqZM6GlQuELgEyloZAc4qGYggh5jPTMrt6Kjn10RYD7b
QQhnekXO7auMvDMJp5JFLMyWISZXyZ483zHck6saRca6obeNMm1pQp4chx7eoIyl
fMPmX3MAobG6WcL++zL78ixEkinKvFzycLhM6ez3ZQUhBGSQnnw=
=GyEZ
-----END PGP SIGNATURE-----

--- End Message ---

Bug#863410: marked as done (exiv2: CVE-2017-9239)

Reply via email to