Bug#779527: exifprobe: denial of service

Henri Salo henri at nerv.fi
Sun Mar 1 21:34:33 UTC 2015


Package: exifprobe
Version: 2.0.1-3
Severity: important
Tags: security

The following attached sample file hangs exifprobe and uses all CPU from one core.
Sample file is fuzzed with american fuzzy lop <http://lcamtuf.coredump.cx/afl/>.

00000000  ff d8 ff e0 00 10 4a 46  49 46 4a 46 49 46 00 01  |......JFIFJFIF..|
00000010  00 01 00 00 ff ec 00 43                           |.......C|
00000018

Starting program: exifprobe-2.0.1/exifprobe -c sample2.jpg
File Name = sample2.jpg
File Type = JPEG
File Size = 24
@000000000=0       :  <JPEG_SOI>
@0x0000002=2       :    <JPEG_APP0> 0xffe0 length 16,  - (not dumped: use -A)
@0x0000013=19      :    </JPEG_APP0>
@0x0000014=20      :    <JPEG_APP12> 0xffec length 67,  FAILED to read character at offset 24 (EOF)

-- 
Henri Salo
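
Added example (not part of the original report and not exifprobe's code): the trace above shows a JPEG_APP12 segment at offset 20 declaring length 67 in a 24-byte file. The C program below walks the segments of the same 24 bytes and checks each declared length against the bytes that remain before advancing; the function name jpeg_first_bad_segment is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The 24 bytes of sample2.jpg, copied from the hex dump in the report. */
static const uint8_t sample2[] = {
    0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 0x4a, 0x46, 0x49, 0x46, 0x4a, 0x46,
    0x49, 0x46, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0xff, 0xec, 0x00, 0x43
};

/* Walk the marker segments in buf[0..len) up to SOS or EOI.
 * Returns -1 if every segment fits in the buffer, otherwise the offset of
 * the first segment that is malformed or runs past the end of the data.
 * Each pass either returns or advances pos by at least 4, so it terminates.
 * Simplification: 0xff fill bytes and markers without a length field
 * are not handled. */
long jpeg_first_bad_segment(const uint8_t *buf, size_t len)
{
    size_t pos = 2;
    if (len < 2 || buf[0] != 0xff || buf[1] != 0xd8)
        return 0;                               /* no SOI */
    while (pos < len) {
        if (len - pos < 2 || buf[pos] != 0xff)
            return (long)pos;                   /* no marker here */
        uint8_t marker = buf[pos + 1];
        if (marker == 0xd9 || marker == 0xda)
            return -1;                          /* EOI, or SOS: scan data follows */
        if (len - pos < 4)
            return (long)pos;                   /* length field truncated */
        size_t seglen = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        /* seglen counts its own two bytes but not the two marker bytes */
        if (seglen < 2 || seglen > len - pos - 2)
            return (long)pos;                   /* declared length exceeds data */
        pos += 2 + seglen;
    }
    return -1;
}

int main(void)
{
    long off = jpeg_first_bad_segment(sample2, sizeof sample2);
    if (off < 0)
        puts("all segments fit");
    else
        printf("segment at offset %ld does not fit in %zu bytes\n",
               off, sizeof sample2);
    return off < 0 ? 0 : 1;
}
```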