Bug 1594643
Summary: | CVE-2018-12648 exempi: NULL pointer dereference in WEBP_Support.hpp:WEBP::GetLE32() allows for denial of service [fedora-all] | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Sam Fowler <sfowler> |
Component: | exempi | Assignee: | Nikola Forró <nforro> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 28 | CC: | dakingun, jchaloup, nforro, sfowler |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | exempi-2.4.5-4.fc29 exempi-2.4.5-4.fc28 | Doc Type: | Release Note |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2018-10-07 20:58:44 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1594642 |
Description
Sam Fowler
2018-06-25 05:27:45 UTC
Use the following template for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable.

```
=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1594642,1594643

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======
```

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new

Reproduced with exempi-2.4.5-1.fc27.x86_64:

```
# gdb -q exempi
Reading symbols from exempi...Reading symbols from /usr/lib/debug/usr/bin/exempi-2.4.5-1.fc27.x86_64.debug...done.
done.
(gdb) r -x -o out CVE-2018-12648
Starting program: /usr/bin/exempi -x -o out CVE-2018-12648
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.26-28.fc27.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
processing file CVE-2018-12648
dump_xmp for file CVE-2018-12648

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff69e36db in WEBP::GetLE16 (data=0x0) at ../../../XMPFiles/source/FormatSupport/WEBP_Support.hpp:35
35	    return (XMP_Uns32)(data[0] << 0) | (data[1] << 8);
Missing separate debuginfos, use: dnf debuginfo-install expat-2.2.5-1.fc27.x86_64 libasan-7.3.1-5.fc27.x86_64 libgcc-7.3.1-5.fc27.x86_64 libstdc++-7.3.1-5.fc27.x86_64 zlib-1.2.11-4.fc27.x86_64
(gdb) bt
#0  0x00007ffff69e36db in WEBP::GetLE16 (data=0x0) at ../../../XMPFiles/source/FormatSupport/WEBP_Support.hpp:35
#1  0x00007ffff69e37a9 in WEBP::GetLE32 (data=0x0) at ../../../XMPFiles/source/FormatSupport/WEBP_Support.hpp:45
#2  0x00007ffff69e5618 in WEBP::VP8XChunk::xmp (this=0x607000002a20, hasXMP=true) at WEBP_Support.cpp:163
#3  0x00007ffff69e5a86 in WEBP::Container::Container (this=0x6120000001c0, handler=0x60d000000110) at WEBP_Support.cpp:210
#4  0x00007ffff68b9bf2 in WEBP_MetaHandler::CacheFileData (this=0x60d000000110) at WEBP_Handler.cpp:89
#5  0x00007ffff67ece4e in DoOpenFile (thiz=0x613000000040, clientIO=0x0, clientPath=0x7fffffffe82c "CVE-2018-12648", format=538976288, openFlags=1) at XMPFiles.cpp:908
#6  0x00007ffff67ed6e1 in XMPFiles::OpenFile (this=0x613000000040, clientPath=0x7fffffffe82c "CVE-2018-12648", format=538976288, openFlags=1) at XMPFiles.cpp:1011
#7  0x00007ffff67e3262 in WXMPFiles_OpenFile_1 (xmpObjRef=0x613000000040, filePath=0x7fffffffe82c "CVE-2018-12648", format=538976288, openFlags=1, wResult=0x7fffffffddc0) at WXMPFiles.cpp:234
#8  0x00007ffff6735b46 in TXMPFiles<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::OpenFile (this=0x602000000010, filePath=0x7fffffffe82c "CVE-2018-12648", format=538976288, openFlags=1) at ../public/include/client-glue/TXMPFiles.incl_cpp:313
#9  0x00007ffff6720819 in xmp_files_open_new (path=0x7fffffffe82c "CVE-2018-12648", options=XMP_OPEN_READ) at exempi.cpp:280
#10 0x000000000040367e in get_xmp_from_file (filename=0x7fffffffe82c "CVE-2018-12648", no_reconcile=false, is_an_xmp=false) at main.cpp:235
#11 0x0000000000403859 in dump_xmp (filename=0x7fffffffe82c "CVE-2018-12648", no_reconcile=false, is_an_xmp=false, outio=0x616000000080) at main.cpp:250
#12 0x00000000004044bb in process_file (filename=0x7fffffffe82c "CVE-2018-12648", no_reconcile=false, is_an_xmp=false, write_in_place=false, dump_xml=true, action=0, value_name="", prop_value="", output="out") at main.cpp:340
#13 0x0000000000403082 in main (argc=1, argv=0x7fffffffe5e8) at main.cpp:186
```

exempi-2.4.5-4.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d8824aeec5

exempi-2.4.5-4.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-05d08fddf8

exempi-2.4.5-4.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d8824aeec5

exempi-2.4.5-4.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-05d08fddf8

exempi-2.4.5-4.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

exempi-2.4.5-4.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
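
The backtrace in the description ends in an unchecked little-endian read on a null chunk data pointer (`GetLE16 (data=0x0)`). As an added illustration, which is neither exempi's code nor the upstream fix, the sketch below sets a reader of that shape beside one that checks for a null or short buffer and reports failure to its caller; `GetLE16Unchecked`, `ChunkView`, `ReadLE32` and the sample bytes are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdint>

// Unchecked reader, same shape as the line gdb printed for WEBP_Support.hpp:35.
// With data == nullptr it faults on data[0], which is frame #0 of the backtrace.
static inline uint32_t GetLE16Unchecked(const uint8_t* data) {
    return (uint32_t)(data[0] << 0) | (data[1] << 8);
}

// Hypothetical view of a parsed chunk payload. An absent or empty payload is
// represented here as data == nullptr, size == 0.
struct ChunkView {
    const uint8_t* data;
    size_t size;
};

// Checked reader (hypothetical name): refuses null or short buffers instead of
// dereferencing them, so the caller can reject the file as malformed.
static bool ReadLE32(const ChunkView& c, size_t offset, uint32_t* out) {
    if (c.data == nullptr || out == nullptr) return false;
    // Written as a subtraction on the size so that offset + 4 cannot wrap.
    if (c.size < 4 || offset > c.size - 4) return false;
    const uint8_t* p = c.data + offset;
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return true;
}

// Constructed sample input: little-endian 0x00000010 followed by two extra bytes.
static const uint8_t kSample[] = {0x10, 0x00, 0x00, 0x00, 0xAA, 0xBB};

int main() {
    uint32_t v = 0;
    ChunkView ok = {kSample, sizeof(kSample)};
    ChunkView missing = {nullptr, 0};
    bool a = ReadLE32(ok, 0, &v);       // succeeds, v == 0x10
    bool b = ReadLE32(missing, 0, &v);  // fails: the null-pointer case from the backtrace
    bool c = ReadLE32(ok, 3, &v);       // fails: only 3 bytes remain at offset 3
    return (a && !b && !c) ? 0 : 1;
}
```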