Bug 1545249 (CVE-2017-17723)

Summary: CVE-2017-17723 exiv2: heap-based buffer over-read in Exiv2::Image::byteSwap4 in image.cpp
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerability Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecified CC: jgrulich, mcepl, michel, rdieter, rschiron
Target Milestone: --- Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
An integer wraparound, leading to a heap-based out-of-bounds read, was found in the way the Exiv2 library prints the Image File Directory (IFD) in TIFF images. By persuading a victim to open a crafted TIFF image, a remote attacker could crash the application or possibly retrieve a portion of memory.
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-14 09:18:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1545250, 1547488, 1547489    
Bug Blocks: 1545252    

Description Laura Pardo 2018-02-14 13:25:18 UTC
A flaw was found in Exiv2 0.26: there is an integer wraparound in the
Exiv2::Image::printIFDStructure function, leading to a heap-based buffer
over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote
attackers can exploit this vulnerability to disclose memory data or cause a
denial of service via a crafted TIFF file.
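
The bug class named in the description, shown as an added C++ example (not Exiv2's code and not taken from this report): a 32-bit `count * type size` product for a TIFF IFD entry wraps, while a 64-bit product with a subtraction-based range check rejects the entry. All function names and the sample entry are constructed for this illustration.

```cpp
#include <cstdint>
#include <cstdio>

struct IfdEntry { uint16_t tag, type; uint32_t count, offset; };

// Constructed sample entry (little-endian): tag 0x0100, type 4 (LONG),
// count 0x40000001, offset 8. Not data from the bug report.
static const uint8_t kCraftedEntry[12] = {
    0x00, 0x01, 0x04, 0x00, 0x01, 0x00, 0x00, 0x40, 0x08, 0x00, 0x00, 0x00};

static uint16_t le16(const uint8_t* p) { return uint16_t(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t* p) {
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 |
           uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// Byte width of a TIFF 6.0 field type (1..12); 0 means unknown type.
static uint32_t typeSize(uint16_t type) {
    static const uint32_t kSize[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};
    return type < 13 ? kSize[type] : 0;
}

// Decode one 12-byte IFD entry; the caller guarantees 12 readable bytes.
IfdEntry decodeEntry(const uint8_t* p) {
    return IfdEntry{le16(p), le16(p + 2), le32(p + 4), le32(p + 8)};
}

// Weak form: the 32-bit product wraps modulo 2^32 for large counts,
// so a huge field can appear to need only a few bytes.
uint32_t naiveSize(const IfdEntry& e) { return e.count * typeSize(e.type); }

// Hardened form: true only if the field data lies wholly inside the file.
bool entryInBounds(const IfdEntry& e, uint64_t fileSize) {
    uint32_t unit = typeSize(e.type);
    if (unit == 0) return false;                 // unknown field type
    uint64_t size = uint64_t(e.count) * unit;    // < 2^35, cannot wrap
    if (size <= 4) return true;                  // value is stored inline
    // Compare by subtraction so offset + size is never computed.
    return e.offset <= fileSize && size <= fileSize - e.offset;
}

int main() {
    IfdEntry e = decodeEntry(kCraftedEntry);
    std::printf("naive size: %u bytes, in bounds of 64-byte file: %s\n",
                unsigned(naiveSize(e)), entryInBounds(e, 64) ? "yes" : "no");
    return 0;
}
```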


Comment 1 Laura Pardo 2018-02-14 13:25:41 UTC
Created exiv2 tracking bugs for this issue:

Affects: fedora-all [bug 1545250]

Comment 6 Riccardo Schirone 2018-02-21 12:58:31 UTC

This issue did not affect the versions of Exiv2 as shipped with Red Hat Enterprise Linux 6 and 7.