Bug 451613 - (CVE-2008-2696) CVE-2008-2696 exiv2: crash / divide by zero on crafted images
CVE-2008-2696 exiv2: crash / divide by zero on crafted images
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
source=cve,reported=20080613,impact=low
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-06-16 02:53 EDT by Tomas Hoger
Modified: 2010-03-29 04:15 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-03-29 04:15:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2008-06-16 02:53:47 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2696 to the following vulnerability:

Exiv2 0.16 allows user-assisted remote attackers to cause a denial of
service (divide-by-zero and application crash) via a zero value in
Nikon lens information in the metadata of an image, related to "pretty
printing" and the RationalValue::toLong function.

Fixed upstream in: 0.17

References:
http://bugzilla.gnome.org/show_bug.cgi?id=524715
http://dev.robotbattle.com/bugs/view.php?id=0000546
http://www.exiv2.org/changelog.html
http://www.securityfocus.com/bid/29586
http://secunia.com/advisories/30519
http://xforce.iss.net/xforce/xfdb/42885
Comment 1 Tomas Hoger 2008-06-16 03:02:39 EDT
I'm not quite convinced this should be called security vulnerability rather than
a regular bug.  I only see various "client" applications in Fedora using exiv2,
and their crash is rather annoyance than DoS.  But maybe there are other usages
of exiv2 where crash would matter.

Patch in the upstream SVN:
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2?view=rev&revision=1399
Comment 2 Tomas Hoger 2010-03-29 04:15:40 EDT
All current Fedora / EPEL versions use exiv2 version 0.17.1 or newer.

Note You need to log in before you can comment on or make changes to this bug.