Bug 1127394 - (CVE-2019-9143) VUL-0: CVE-2019-9143: exiv2: infinite recursion at Exiv2:Image:printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Servi
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Major
Target Milestone: ---
Assigned To: Security Team bot
https://smash.suse.de/issue/225405/
CVSSv3:SUSE:CVE-2019-9143:5.5:(AV:L/A...
Reported: 2019-02-28 15:46 UTC by Marcus Meissner
Modified: 2022-10-28 16:35 UTC (History)
Found By: Security Response Team

Attachments
h1 (19.79 KB, application/octet-stream)
2019-02-28 15:55 UTC, Marcus Meissner

Description Marcus Meissner 2019-02-28 15:46:42 UTC
CVE-2019-9143

An issue was discovered in Exiv2 0.27. There is infinite recursion at
Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by
a crafted file. It allows an attacker to cause Denial of Service (Segmentation
fault) or possibly have unspecified other impact.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9143
http://www.securityfocus.com/bid/107161
https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/
https://github.com/Exiv2/exiv2/issues/711
Comment 1 Marcus Meissner 2019-02-28 15:55:30 UTC
QA REPRODUCER:

exiv2 -b -u -k -p R pr h1
Comment 2 Marcus Meissner 2019-02-28 15:55:46 UTC
Created attachment 798450
h1

QA REPRODUCER:

exiv2 -b -u -k -p R pr h1
Comment 5 Dirk Mueller 2022-10-28 16:35:51 UTC
verified again, we're not affected: 

bdd765ec4c84:/tmp # rpm -q exiv2
exiv2-0.26-150000.6.38.1.x86_64
bdd765ec4c84:/tmp # exiv2 -b -u -k -p R pr h1
exiv2: Action not available in Release mode: 'R'
Usage: exiv2 [ options ] [ action ] file ...

Manipulate the Exif metadata of images.
bdd765ec4c84:/tmp # exiv2 -b -u -k  pr h1
Warning: Directory PanasonicRaw has an unexpected next pointer; ignored.
File name       : h1
File size       : 20268 Bytes
MIME type       : image/x-panasonic-rw2
Image size      : 0 x 0
h1: No Exif data found in the file
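
Added example, not part of the bug report and not Exiv2 code: a TIFF directory walker that cannot recurse without bound on a crafted file, because it tracks visited directory offsets and caps nesting depth. The report does not describe how the recursion arises; this sketch assumes it comes from following directory offsets taken from the file, and the names walkIfd, check and sample, the depth limit of 16 and the choice to follow only tag 0x8769 are assumptions.

```cpp
// Added example (not Exiv2 code): bounded walk over little-endian TIFF IFDs.
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>
using Bytes = std::vector<uint8_t>;
enum class Walk { Ok, Malformed, Cycle, TooDeep };

// Read an n-byte little-endian integer, refusing any out-of-bounds offset.
static bool rd(const Bytes& b, uint64_t off, uint64_t n, uint32_t& out) {
    if (off > b.size() || n > b.size() - off) return false;
    out = 0;
    for (uint64_t i = 0; i < n; ++i) out |= uint32_t(b[off + i]) << (8 * i);
    return true;
}
static Walk walkIfd(const Bytes& b, uint32_t off, int depth, std::set<uint32_t>& seen) {
    if (depth > 16) return Walk::TooDeep;                  // assumed nesting limit
    while (off != 0) {                                     // follow the next-IFD chain
        if (!seen.insert(off).second) return Walk::Cycle;  // directory already visited
        uint32_t n, tag, val;
        if (!rd(b, off, 2, n)) return Walk::Malformed;
        for (uint32_t i = 0; i < n; ++i) {                 // 12-byte entries
            uint64_t e = uint64_t(off) + 2 + 12ull * i;
            if (!rd(b, e, 2, tag) || !rd(b, e + 8, 4, val)) return Walk::Malformed;
            if (tag != 0x8769) continue;                   // only the Exif sub-IFD pointer recurses
            Walk r = walkIfd(b, val, depth + 1, seen);
            if (r != Walk::Ok) return r;
        }
        if (!rd(b, uint64_t(off) + 2 + 12ull * n, 4, off)) return Walk::Malformed;
    }
    return Walk::Ok;
}
static Walk check(const Bytes& b) {
    uint32_t magic, first;
    if (b.size() < 8 || b[0] != 'I' || b[1] != 'I' || !rd(b, 2, 2, magic) || magic != 42)
        return Walk::Malformed;
    if (!rd(b, 4, 4, first)) return Walk::Malformed;
    std::set<uint32_t> seen;
    return walkIfd(b, first, 0, seen);
}
// Constructed sample: IFD at offset 8 with an Exif pointer to `sub`, then an empty IFD at 26.
static Bytes sample(uint32_t sub) {
    Bytes b = {'I','I',42,0, 8,0,0,0, 1,0, 0x69,0x87, 4,0, 1,0,0,0, 0,0,0,0, 0,0,0,0,
               0,0, 0,0,0,0};
    for (int i = 0; i < 4; ++i) b[18 + i] = uint8_t(sub >> (8 * i));
    return b;
}
int main() {
    std::printf("nested=%d self-ref=%d\n", int(check(sample(26))), int(check(sample(8))));
}
```

The visited-offset set stops directories that point back at themselves, while the depth cap bounds stack use for long chains of distinct nested directories.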