Public bug reported:
## Title
[Regression] libexiv2-27 security update ubuntu0.1 breaks C++ ABI, causes SIGSEGV in KExiv2
## Description
After applying the recent security updates to `libexiv2-27` (version
`0.27.6-1ubuntu0.1`) on Kubuntu 24.04 (Noble), the KDE file manager (Dolphin)
background thumbnail worker (`kioslave5 thumbnail`) crashes repeatedly.
Any time the KDE environment attempts to generate a thumbnail for
certain JPEGs (which uses `kdegraphics-thumbnailers` ->
`jpegthumbnail.so` -> `libKF5KExiv2.so` -> `libexiv2`), it immediately
encounters a Segmentation Fault. This results in heavy spam of
"kioslave5 Closed Unexpectedly" (Dr Konqi) crash notifications on the
desktop tray.
Downgrading `libexiv2-27` back to `0.27.6-1build1` resolves the issue
completely.
## Steps to Reproduce
1. Ensure Kubuntu 24.04 and `libexiv2-27` version `0.27.6-1ubuntu0.1` are
installed.
2. Open Dolphin or a KDE-integrated application (like Discord with the KDE file
picker).
3. Navigate to a directory containing JPEGs, or scroll through a large list of
images.
4. The Dr Konqi crash handler will repeatedly pop up with "kioslave5 thumbnail
crash".
## Expected Behavior
JPEG thumbnails should generate without crashing the underlying worker.
## System Information
- OS: Ubuntu 24.04 LTS (Kubuntu)
- Architecture: amd64
- Packages Involved:
  - libexiv2-27 (0.27.6-1ubuntu0.1)
  - libkf5kexiv2-15.0.0 (23.08.5-0ubuntu3)
  - kdegraphics-thumbnailers (4:23.08.5-0ubuntu4)
## Crash Trace / Backtrace (GDB)
Obtained via Apport core dump of
`/usr/lib/x86_64-linux-gnu/libexec/kf5/kioslave5`:
```
#0  __pthread_kill_implementation at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill at ./nptl/pthread_kill.c:89
#3  0x0000764f1704527e in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
#4  0x0000764f176bc6bf in KCrash::defaultCrashHandler(int) () from /lib/x86_64-linux-gnu/libKF5Crash.so.5
#5  <signal handler called>
#6  0x0000000000000000 in ?? ()
#7  0x0000764efed165c1 in KExiv2Iface::KExiv2::load(QString const&) const () from /lib/x86_64-linux-gnu/libKF5KExiv2.so.15.0.0
#8  0x0000764efed16dc9 in KExiv2Iface::KExiv2::KExiv2(QString const&) () from /lib/x86_64-linux-gnu/libKF5KExiv2.so.15.0.0
```
## Suspected Cause & Upstream Context
The `0.27.6-1ubuntu0.1` patch introduced fixes for several CVEs. One of the
fixes (CVE-2025-55304, mitigating quadratic performance in JPEG ICC parsing)
was implemented upstream via commit `472d55e` by adding new virtual methods
(`appendIccProfile` and `checkIccProfile`) to the public `Exiv2::Image` C++
class.
Upstream Exiv2 later discovered that adding these virtual methods
silently broke the ABI (vtable layout) for consumers built against older
headers (see Exiv2 GitHub issue: "Silent ABI break in 0.28.6").
It appears Ubuntu's security backport of CVE-2025-55304 into the
`0.27.6` tree carried over this exact ABI break. Because reverse
dependencies like KDE's `libKF5KExiv2` have not been rebuilt against
this new vtable layout, invoking metadata loads instantly segfaults when
it hits the misaligned vtable slots.
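As an added illustration of the vtable slot shift described above (not code from the bug report or from Exiv2), the constructed C program below models the Itanium C++ vtable as an explicit function-pointer table, which is how the compiler lays it out. The method set and slot order are assumed for illustration only, not Exiv2's real layout.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model: each virtual method of a class occupies one vtable
 * slot, in declaration order. A caller compiled against a given header
 * bakes the slot index into its machine code and never re-reads it. */
typedef const char *(*method_fn)(void);

static const char *read_metadata(void)      { return "readMetadata"; }
static const char *write_metadata(void)     { return "writeMetadata"; }
static const char *check_icc_profile(void)  { return "checkIccProfile"; }
static const char *append_icc_profile(void) { return "appendIccProfile"; }

/* Image vtable as the old library shipped it (hypothetical order). */
static method_fn image_vtable_old[] = {
    read_metadata,   /* slot 0 */
    write_metadata,  /* slot 1 */
};
#define OLD_SLOTS 2

/* Same class after two virtuals were inserted mid-declaration
 * (hypothetical order modelling the backport described in the report). */
static method_fn image_vtable_new[] = {
    read_metadata,      /* slot 0 */
    check_icc_profile,  /* slot 1 <- inserted */
    append_icc_profile, /* slot 2 <- inserted */
    write_metadata,     /* slot 3 <- moved */
};
#define NEW_SLOTS 4

/* ABI-preserving alternative: new virtuals appended after the existing
 * ones, so every old slot index still resolves to the same method
 * (only safe while no consumer subclass adds virtuals of its own). */
static method_fn image_vtable_appended[] = {
    read_metadata, write_metadata, check_icc_profile, append_icc_profile,
};
#define APPENDED_SLOTS 4

/* A consumer compiled against the old header: writeMetadata() is
 * "load slot 1 and jump". Swap in the new table without recompiling
 * and the same instruction dispatches to a different function. */
enum { CONSUMER_WRITE_METADATA_SLOT = 1 };
const char *consumer_call_write_metadata(method_fn *vtable) {
    return vtable[CONSUMER_WRITE_METADATA_SLOT]();
}

/* The check a packager wants before shipping a library update: every slot
 * old consumers know about must still hold the same method. abidiff
 * (libabigail) performs this comparison on real shared objects. */
int vtable_is_compatible(method_fn *old, size_t old_n, method_fn *upd, size_t upd_n) {
    if (upd_n < old_n) return 0;
    for (size_t i = 0; i < old_n; i++)
        if (old[i] != upd[i]) return 0;
    return 1;
}
```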
** Affects: exiv2 (Ubuntu)
Importance: Undecided
Status: New
** Tags: regression-update
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2144818
Title:
[Regression] libexiv2-27 security update 0.27.6-1ubuntu0.1 causes SIGSEGV via ABI break
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/2144818/+subscriptions
--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs