Bug 1524116
| Summary: | exiv2 library: assertion aborted in Exiv2::(anonymous namespace)::readHeader (bigtiffimage.cpp) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Wei You <WeiYou1988> | ||||
| Component: | exiv2 | Assignee: | Jan Grulich <jgrulich> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 7.5-Alt | ||||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-08-06 12:47:14 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Fixed with exiv2-0.27.0-1.el7_6. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:2101 |
Created attachment 1365485 [details] poc to trigger the vulnerability on 0.26 (the latest version): there is a reachable assertion aborted in Exiv2::(anonymous namespace)::readHeader in bigtiffimage.cpp, which can be triggered by poc_2.tiff in the attachment. Note that this vulnerability exists in the exiv2 library, any software using exiv2 will be affected by this vulnerability. Remote attackers can exploit this vulnerability cause a denial of service via a crafted tiff file. As a demonstration, please run the following command-line to trigger this vulnerability: ./bin/exiv2 poc_2.tiff exiv2: /homes/you58/exiv2/master/src/bigtiffimage.cpp:113: Exiv2::(anonymous namespace)::Header Exiv2::(anonymous namespace)::readHeader(Exiv2::BasicIo &): Assertion `size == 8' failed. Aborted (core dumped)