[Bug 1857519] Re: Segmentation fault detected in function Get32s of exif.c when running jhead 3.04

2019-12-26 Thread WangXiaoxiong
I reviewed the source code to try to find why this error occurs. I found
that line 138 of gpsinfo.c calls the function Get32s and its parameter is
ValuePtr+4+a*ComponentSize. However, this parameter, which has not been
verified, may not be a valid pointer. So we will get a segmentation fault
when the pointer is dereferenced with a malicious JPEG file. This may
allow a remote attacker to cause a denial-of-service attack or
unspecified other impact.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1857519

Title:
  Segmentation fault detected in function Get32s of exif.c when running
  jhead 3.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1857519/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
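
The message above reports that the address ValuePtr+4+a*ComponentSize reaches Get32s without being verified. As an added example (not jhead's code and not taken from any upstream fix), the C below performs the same access pattern but proves each offset lies inside the section before reading. The function `read_fields_checked`, its parameters and the `SAMPLE` bytes are hypothetical and constructed for illustration; big-endian byte order is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: three big-endian rationals (numerator, denominator),
 * the shape of a GPS coordinate value: 40/1, 26/1, 4630/100. */
static const uint8_t SAMPLE[24] = {
    0,0,0,40,      0,0,0,1,
    0,0,0,26,      0,0,0,1,
    0,0,0x12,0x16, 0,0,0,100,
};

/* Hypothetical helper, not jhead's API. Reads the signed 32-bit field at
 * value_off + 4 + a*comp_size for a = 0..count-1, but only after proving
 * each read lies inside the len-byte section. dst must hold count entries.
 * Returns count, or -1 if the declared layout does not fit. */
int read_fields_checked(const uint8_t *sec, size_t len, size_t value_off,
                        size_t count, size_t comp_size, int32_t *dst)
{
    if (value_off > len)
        return -1;                       /* value offset outside section */
    size_t room = len - value_off;       /* bytes available from value_off */
    for (size_t a = 0; a < count; a++) {
        if (comp_size != 0 && a > room / comp_size)
            return -1;                   /* a*comp_size would exceed room */
        size_t rel = a * comp_size;      /* cannot overflow after the check */
        if (room - rel < 8)
            return -1;                   /* need 4 skipped + 4 read bytes */
        const uint8_t *p = sec + value_off + rel + 4;
        uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8) | (uint32_t)p[3];
        dst[a] = (int32_t)v;             /* big-endian ("Motorola") order */
    }
    return (int)count;
}

int main(void)
{
    int32_t d[3];
    /* Well-formed section, then the same tag with the section truncated. */
    printf("full section: %d\n", read_fields_checked(SAMPLE, 24, 0, 3, 8, d));
    printf("truncated:    %d\n", read_fields_checked(SAMPLE, 20, 0, 3, 8, d));
    return 0;
}
```

The division-based check rejects an attacker-chosen component size before the multiplication, so the offset arithmetic itself cannot wrap around.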

[Bug 1857521] Re: heap-buffer-overflow detected in function process_DQT of jpgqguess.c when running jhead 3.04

2019-12-25 Thread WangXiaoxiong
** Information type changed from Private Security to Public Security

** Information type changed from Public Security to Private Security

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1857521

Title:
  heap-buffer-overflow detected in function process_DQT of jpgqguess.c
  when running jhead 3.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1857521/+subscriptions


[Bug 1857519] Re: Segmentation fault detected in function Get32s of exif.c when running jhead 3.04

2019-12-25 Thread WangXiaoxiong
** Information type changed from Private Security to Public Security