Bug 1663878 (CVE-2018-20030) - CVE-2018-20030 libexif: Input validation issue resulting in a denial of service
Summary: CVE-2018-20030 libexif: Input validation issue resulting in a denial of service
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-20030
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1663879 1673461 1673462
Blocks: 1663880
TreeView+ depends on / blocked
 
Reported: 2019-01-07 09:27 UTC by Andrej Nemec
Modified: 2021-10-25 22:22 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-25 22:22:18 UTC
Embargoed:

Attachments (Terms of Use)

Description Andrej Nemec 2019-01-07 09:27:19 UTC 
It was found that specially crafted XIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags could be used for a denial of service.

References:

https://seclists.org/bugtraq/2018/Dec/31
Comment 1 Andrej Nemec 2019-01-07 09:27:27 UTC 
Created libexif tracking bugs for this issue:

Affects: fedora-all [bug 1663879]
Comment 2 Riccardo Schirone 2019-02-07 11:43:26 UTC 
Upstream patch:
https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89
Comment 4 Riccardo Schirone 2019-02-07 14:53:11 UTC 
External References:

https://seclists.org/bugtraq/2018/Dec/31
Comment 5 Riccardo Schirone 2019-02-07 15:00:40 UTC 
Function exif_data_load_data_content() in exif-data.c recursively calls itself when EXIF_TAG_EXIF_IFD_POINTER, EXIF_TAG_INTEROPERABILITY_IFD_POINTER or EXIF_TAG_GPS_INFO_IFD_POINTER tags are found. A specially crafted file may abuse this recursion by making the program waste a lot of time on it.
Note You need to log in before you can comment on or make changes to this bug.