Bug 1076579 – VUL-0: CVE-2018-5772: exiv2: In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion inthe Exiv2::Image::printIFDStructure function in the image.cpp file. Remoteattackers could leverage this vulnerability to cause a

Bug 1076579 - (CVE-2018-5772) VUL-0: CVE-2018-5772: exiv2: In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion inthe Exiv2::Image::printIFDStructure function in the image.cpp file. Remoteattackers could leverage this vulnerability to cause a

(CVE-2018-5772)
Summary:	VUL-0: CVE-2018-5772: exiv2: In Exiv2 0.26, there is a segmentation fault cau...

Status:	REOPENED

Classification:	openSUSE
Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Other
Version:	Current
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal (vote)
Target Milestone:	---
Assigned To:	Dirk Mueller
QA Contact:	E-mail List

URL:	https://smash.suse.de/issue/198622/
Whiteboard:	CVSSv3.1:SUSE:CVE-2018-5772:3.3:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-01-18 12:42 UTC by Marcus Meissner
Modified:	2022-08-12 07:14 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2018-01-18 12:42:16 UTC

CVE-2018-5772

In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in
the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote
attackers could leverage this vulnerability to cause a denial of service via a
crafted tif file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5772
https://github.com/Exiv2/exiv2/issues/216

Comment 1 Marcus Meissner 2018-01-18 13:53:44 UTC

Does not seem to affect 0.25., only 0.26

Comment 2 Dirk Mueller 2018-10-30 09:14:40 UTC

The upstream fix was to remove any call to printStructure(..) while parsing the metadata, which was upstream not backported to 0.26, as it breaks the testsuite, which was heavily using the output from printStructure() before. 

most vendors have just added a local patch to remove the printStructure calls ignoring the test suite breakage.

Comment 3 Dirk Mueller 2018-10-30 09:15:20 UTC

we could do just that, or wait for 0.27 (which hopefully gets released soonish)

Comment 4 Timothy Brown 2022-06-09 04:18:47 UTC

Package has been updated to 0.27.5 which includes fix.

Comment 5 Marcus Meissner 2022-06-09 16:20:39 UTC

sle12 and sle15 still unfixed

Comment 6 Timothy Brown 2022-06-10 00:15:51 UTC

Sorry, I thought this bug was tumbleweed specific because of the "product".