[Secure-testing-team] Bug#773846: Buffer overflow in INFO tags of riff (patch from upstream)
Klaus Ethgen
Klaus at Ethgen.de
Tue Dec 23 23:19:05 UTC 2014
Package: exiv2
Version: 0.24-4.1
Severity: grave
Tags: security patch
There is a buffer overflow condition with some AVI files. I am not fully
sure but maybe it could be used for a code execution.
However, the bug is fixed upstream. See also report [0].
I extracted and tested the patch from upstream and added it to this
report.
This bug affects also many other packages that uses libexiv2. Namely
geeqie and digikam.
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (800, 'unstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.17.5 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages exiv2 depends on:
ii libc6 2.19-13
ii libexiv2-13 0.24-4.1
ii libgcc1 1:4.9.2-9
ii libstdc++6 4.9.2-9
exiv2 recommends no packages.
exiv2 suggests no packages.
-- no debconf information
[0] http://dev.exiv2.org/issues/1002
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-960-Added-a-Buffer-Overflow-Fix-in-INFO-tags-of-RIFF.patch
Type: text/x-diff
Size: 1322 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20141224/0b994635/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20141224/0b994635/attachment.sig>
More information about the Secure-testing-team
mailing list