Bug 1061013 - (CVE-2017-14857) VUL-0: CVE-2017-14857: exiv2: bad free in Exiv2::Image::~Image (image.cpp:173)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Minor
Assigned To: Dirk Mueller
QA Contact: Security Team bot
https://smash.suse.de/issue/192615/
CVSSv2:NVD:CVE-2017-14857:4.3:(AV:N/A...
Reported: 2017-09-29 08:08 UTC by Victor Pereira
Modified: 2018-06-06 14:36 UTC

Found By: Security Response Team


Description Victor Pereira 2017-09-29 08:08:22 UTC
rh#1495043

In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that
leads to a Segmentation fault. A crafted input will lead to a denial of service
attack.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1495043
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14857
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14857.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14857
Comment 1 Dirk Mueller 2017-10-17 13:33:20 UTC
https://github.com/Exiv2/exiv2/issues/124
Comment 3 Dirk Mueller 2018-05-30 11:57:18 UTC
So the commit associated with this is https://github.com/D4N/exiv2/commit/74cb5bab132ed76adf15df172c5e8b58cddaa96c

See https://github.com/Exiv2/exiv2/issues/76, which is patching code that does not exist in SLE11 or SLE12 as far as I can see. The testing framework for reproducers didn't exist in 0.17 and 0.23, but from a cursory look I'd say we're not affected there. Agree to close this?
Comment 4 Marcus Meissner 2018-06-06 13:03:49 UTC
Yes, can be closed.