Created attachment 1329486
==53639==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fa6170833e8 bp 0x7fff73e26870 sp 0x7fff73e263d0 T0)
#0 0x7fa6170833e7 in Exiv2::Image::printIFDStructure(Exiv2::BasicIo&, std::ostream&, Exiv2::PrintStructureOption, unsigned int, bool, char, int) /root/fuzzing/exiv2-trunk/src/image.cpp:408
#1 0x7fa6170848a3 in Exiv2::Image::printTiffStructure(Exiv2::BasicIo&, std::ostream&, Exiv2::PrintStructureOption, int, unsigned long) /root/fuzzing/exiv2-trunk/src/image.cpp:517
#2 0x7fa61716a73e in Exiv2::TiffImage::printStructure(std::ostream&, Exiv2::PrintStructureOption, int) /root/fuzzing/exiv2-trunk/src/tiffimage.cpp:348
#3 0x7fa617168c06 in Exiv2::TiffImage::readMetadata() /root/fuzzing/exiv2-trunk/src/tiffimage.cpp:191
#4 0x43ab02 in Action::Print::printSummary() /root/fuzzing/exiv2-trunk/src/actions.cpp:289
#5 0x43a1af in Action::Print::run(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /root/fuzzing/exiv2-trunk/src/actions.cpp:244
#6 0x422129 in main /root/fuzzing/exiv2-trunk/src/exiv2.cpp:170
#7 0x7fa6163e282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#8 0x421af8 in _start (/usr/local/exiv2_ASAN/bin/exiv2+0x421af8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/fuzzing/exiv2-trunk/src/image.cpp:408 Exiv2::Image::printIFDStructure(Exiv2::BasicIo&, std::ostream&, Exiv2::PrintStructureOption, unsigned int, bool, char, int)
exiv2 0.26 001a00 (64 bit build)
Copyright (C) 2004-2017 Andreas Huggel.
This was assigned CVE-2017-14863.
Can you please report the issue upstream?
The upstream issue is https://github.com/Exiv2/exiv2/issues/132. The problem has already been fixed.
Fixed with exiv2-0.27.0-1.el7_6.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.