Bug 1127394 (CVE-2019-9143)

Summary: VUL-0: CVE-2019-9143: exiv2: infinite recursion at Exiv2:Image:printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Servi
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: abergmann, rfrohl, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/225405/
Whiteboard: CVSSv3:SUSE:CVE-2019-9143:5.5:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) maint:planned:update
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: h1

Description Marcus Meissner 2019-02-28 15:46:42 UTC
CVE-2019-9143

An issue was discovered in Exiv2 0.27. There is infinite recursion at
Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by
a crafted file. It allows an attacker to cause Denial of Service (Segmentation
fault) or possibly have unspecified other impact.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9143
http://www.securityfocus.com/bid/107161
https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/
https://github.com/Exiv2/exiv2/issues/711
Comment 1 Marcus Meissner 2019-02-28 15:55:30 UTC
QA REPRODUCER:

exiv2 -b -u -k -p R pr h1
Comment 2 Marcus Meissner 2019-02-28 15:55:46 UTC
Created attachment 798450 [details]
h1

QA REPRODUCER:

exiv2 -b -u -k -p R pr h1
Comment 5 Dirk Mueller 2022-10-28 16:35:51 UTC
verified again, we're not affected: 

bdd765ec4c84:/tmp # rpm -q exiv2
exiv2-0.26-150000.6.38.1.x86_64
bdd765ec4c84:/tmp # exiv2 -b -u -k -p R pr h1
exiv2: Action not available in Release mode: 'R'
Usage: exiv2 [ options ] [ action ] file ...

Manipulate the Exif metadata of images.
bdd765ec4c84:/tmp # exiv2 -b -u -k  pr h1
Warning: Directory PanasonicRaw has an unexpected next pointer; ignored.
File name       : h1
File size       : 20268 Bytes
MIME type       : image/x-panasonic-rw2
Image size      : 0 x 0
h1: No Exif data found in the file