Bug 451613 (CVE-2008-2696)

Summary: CVE-2008-2696 exiv2: crash / divide by zero on crafted images
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: rdieter
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2696
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-03-29 08:15:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Hoger 2008-06-16 06:53:47 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2696 to the following vulnerability:

Exiv2 0.16 allows user-assisted remote attackers to cause a denial of
service (divide-by-zero and application crash) via a zero value in
Nikon lens information in the metadata of an image, related to "pretty
printing" and the RationalValue::toLong function.

Fixed upstream in: 0.17

References:
http://bugzilla.gnome.org/show_bug.cgi?id=524715
http://dev.robotbattle.com/bugs/view.php?id=0000546
http://www.exiv2.org/changelog.html
http://www.securityfocus.com/bid/29586
http://secunia.com/advisories/30519
http://xforce.iss.net/xforce/xfdb/42885
Comment 1 Tomas Hoger 2008-06-16 07:02:39 UTC 
I'm not quite convinced this should be called security vulnerability rather than
a regular bug.  I only see various "client" applications in Fedora using exiv2,
and their crash is rather annoyance than DoS.  But maybe there are other usages
of exiv2 where crash would matter.

Patch in the upstream SVN:
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2?view=rev&revision=1399
Comment 2 Tomas Hoger 2010-03-29 08:15:40 UTC 
All current Fedora / EPEL versions use exiv2 version 0.17.1 or newer.