Red Hat Bugzilla – Bug 1524116
exiv2 library: assertion aborted in Exiv2::(anonymous namespace)::readHeader (bigtiffimage.cpp)
Last modified: 2017-12-10 02:35:16 EST
Created attachment 1365485
poc to trigger the vulnerability
On 0.26 (the latest version):
There is a reachable assertion abort in Exiv2::(anonymous namespace)::readHeader in bigtiffimage.cpp, which can be triggered by poc_2.tiff in the attachment.
Note that this vulnerability exists in the exiv2 library; any software using
exiv2 will be affected by this vulnerability. Remote attackers can exploit
this vulnerability to cause a denial of service via a crafted TIFF file.
As a demonstration, please run the following command-line to trigger this
exiv2: /homes/you58/exiv2/master/src/bigtiffimage.cpp:113: Exiv2::(anonymous namespace)::Header Exiv2::(anonymous namespace)::readHeader(Exiv2::BasicIo &): Assertion `size == 8' failed.
Aborted (core dumped)
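
An added example, not exiv2 code and not part of the original report: a TIFF/BigTIFF header parser that reports malformed input as a parse error instead of asserting on it. It assumes the asserted `size` is the BigTIFF header's offset-size field (fixed at 8 by the format); `TiffHeader`, `readUint` and `parseHeader` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical result type for this example (not an exiv2 type).
struct TiffHeader {
    bool bigEndian;
    bool bigTiff;
    uint64_t firstIfdOffset;
};

// Read an n-byte unsigned integer in the file's declared byte order.
static uint64_t readUint(const uint8_t* p, size_t n, bool bigEndian) {
    uint64_t v = 0;
    for (size_t i = 0; i < n; ++i)
        v = (v << 8) | p[bigEndian ? i : n - 1 - i];
    return v;
}

// Returns false for a truncated or inconsistent header; never asserts on
// values that come from the file.
bool parseHeader(const std::vector<uint8_t>& buf, TiffHeader& out) {
    if (buf.size() < 8) return false;
    bool be;
    if (buf[0] == 'I' && buf[1] == 'I') be = false;
    else if (buf[0] == 'M' && buf[1] == 'M') be = true;
    else return false;

    const uint64_t version = readUint(&buf[2], 2, be);
    if (version == 42) {                 // classic TIFF: 4-byte IFD offset
        out = TiffHeader{be, false, readUint(&buf[4], 4, be)};
        return true;
    }
    if (version != 43) return false;     // neither TIFF nor BigTIFF

    // BigTIFF: offset size must be 8 and the following field must be 0.
    // Both values are read from untrusted input, so a mismatch is a parse error.
    if (buf.size() < 16) return false;
    if (readUint(&buf[4], 2, be) != 8) return false;
    if (readUint(&buf[6], 2, be) != 0) return false;
    out = TiffHeader{be, true, readUint(&buf[8], 8, be)};
    return true;
}
```

A caller that gets `false` can skip or reject the file and keep running, whereas an `assert` on the same field terminates the whole process that embeds the library.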