Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1545246 - (CVE-2017-17722) CVE-2017-17722 exiv2: reachable assertion in the readHeader function in bigtiffimage.cpp
CVE-2017-17722 exiv2: reachable assertion in the readHeader function in bigti...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20171210,reported=2...
: Security
Depends On: 1545247 1547608
Blocks: 1545252
  Show dependency treegraph
 
Reported: 2018-02-14 08:17 EST by Laura Pardo
Modified: 2018-07-16 09:20 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A reachable assertion was found in Exiv2 while reading the header of a BigTIFF image. By persuading a victim to open a crafted BigTIFF image, a remote attacker could crash the application.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-02-23 04:44:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Laura Pardo 2018-02-14 08:17:49 EST 
A flaw was found in Exiv2 from commit 307faae8304d. When the library is
compiled in Debug mode, there is a reachable assertion in the readHeader
function in bigtiffimage.cpp, which will lead to a crash via a crafted BigTIFF
file.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1524116
https://github.com/Exiv2/exiv2/issues/228
https://github.com/Exiv2/exiv2/issues/208

Patch:
https://github.com/Exiv2/exiv2/commit/1647908e00a4df7246d76678e59587e62c690dcd
Comment 1 Laura Pardo 2018-02-14 08:18:27 EST 
Created exiv2 tracking bugs for this issue:

Affects: fedora-all [bug 1545247]
Comment 4 Riccardo Schirone 2018-02-21 10:44:02 EST 
Statement:

This issue did not affect the versions of Exiv2 as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for BigTIFF images.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.