[Secure-testing-team] Bug#885981: exiv2:CVE-2017-18005: Null Pointer Dereference in the Exiv2::DataValue::toLong function
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 1 09:38:32 UTC 2018
Source: exiv2
Version: 0.24-1
Severity: normal
Tags: patch security upstream
Forwarded: https://github.com/Exiv2/exiv2/issues/168
Hi,
the following vulnerability was published for exiv2.
CVE-2017-18005[0]:
| Exiv2 0.26 has a Null Pointer Dereference in the
| Exiv2::DataValue::toLong function in value.cpp, related to crafted
| metadata in a TIFF file.
The underlying issue according to [2] is that the code is trying to
pring a value in the if statement:
if (Params::instance().printItems_ & Params::prValue)
when this might not be possible. Fix is done via [2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-18005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18005
[1] https://github.com/Exiv2/exiv2/issues/168
[2] https://github.com/Exiv2/exiv2/pull/199
Please adjust the affected versions in the BTS as needed, please
double check my assessment for it back to 0.24-1 is done right.
The poc does not trigger, if I'm not completely wrong the affected
code is there.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list