Bug 1536904 (CVE-2018-5772)

Summary: CVE-2018-5772 exiv2: Uncontrolled recursion in image.cpp:Exiv2::Image::printIFDStructure() can allow a remote attacker to cause a denial of service via a crafted tif file
Product: [Other] Security Response Reporter: Sam Fowler <sfowler>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jdeenada, jgrulich, michel, rdieter
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
An unbounded recursion flaw was found in the way Exiv2 handled certain image files. An attacker could potentially use this flaw to crash the exiv2 CLI utility program by tricking it into processing crafted input files.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:37:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1536905, 1548336, 1548410    
Bug Blocks: 1536906    

Description Sam Fowler 2018-01-22 01:51:22 UTC
In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.

External References:

Upstream Issue:

Upstream Patch:

Comment 1 Sam Fowler 2018-01-22 01:51:46 UTC
Created exiv2 tracking bugs for this issue:

Affects: fedora-all [bug 1536905]

Comment 6 Dhiru Kholia 2018-02-23 09:10:51 UTC

This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.