Bug 1076579 - (CVE-2018-5772) VUL-0: CVE-2018-5772: exiv2: In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a
Status: REOPENED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Other
Version: Current
Priority: P3 - Medium
Severity: Normal
Assigned To: Dirk Mueller
https://smash.suse.de/issue/198622/
CVSSv3.1:SUSE:CVE-2018-5772:3.3:(AV:...
Reported: 2018-01-18 12:42 UTC by Marcus Meissner
Modified: 2022-08-12 07:14 UTC (History)
Found By: Security Response Team
Description Marcus Meissner 2018-01-18 12:42:16 UTC
CVE-2018-5772

In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in
the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote
attackers could leverage this vulnerability to cause a denial of service via a
crafted tif file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5772
https://github.com/Exiv2/exiv2/issues/216
Comment 1 Marcus Meissner 2018-01-18 13:53:44 UTC
Does not seem to affect 0.25, only 0.26.
Comment 2 Dirk Mueller 2018-10-30 09:14:40 UTC
The upstream fix was to remove any call to printStructure(..) while parsing the metadata, which was not backported to 0.26 upstream, as it breaks the test suite, which was heavily using the output from printStructure() before.

Most vendors have just added a local patch to remove the printStructure calls, ignoring the test suite breakage.
Comment 3 Dirk Mueller 2018-10-30 09:15:20 UTC
We could do just that, or wait for 0.27 (which hopefully gets released soonish).
Comment 4 Timothy Brown 2022-06-09 04:18:47 UTC
Package has been updated to 0.27.5, which includes the fix.
Comment 5 Marcus Meissner 2022-06-09 16:20:39 UTC
sle12 and sle15 still unfixed
Comment 6 Timothy Brown 2022-06-10 00:15:51 UTC
Sorry, I thought this bug was tumbleweed specific because of the "product".
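
Added example (not part of this bug report and not Exiv2 code): the description above concerns uncontrolled recursion while walking TIFF IFDs, and this sketch shows the general guard for that bug class, a nesting cap plus a set of already-visited offsets. It is a different mitigation from the upstream change described in Comment 2; `countIfds`, `walkIfd`, `makeSample` and `kMaxDepth` are hypothetical names, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <set>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<uint8_t>;
constexpr int kMaxDepth = 8;  // assumed nesting cap, not a value from Exiv2
// Bounds-checked little-endian read of n bytes (only "II" files are handled).
static uint32_t rd(const Bytes& b, size_t off, size_t n) {
    if (off > b.size() || n > b.size() - off) throw std::runtime_error("out of bounds");
    uint32_t v = 0;
    for (size_t i = 0; i < n; ++i) v |= uint32_t(b[off + i]) << (8 * i);
    return v;
}

// Walks an IFD chain and the Exif/GPS IFDs it points to; returns IFDs visited.
static int walkIfd(const Bytes& b, uint32_t off, int depth, std::set<uint32_t>& seen) {
    if (depth > kMaxDepth) throw std::runtime_error("IFD nesting too deep");
    int visited = 0;
    while (off != 0) {  // follow "next IFD" links iteratively, not recursively
        if (!seen.insert(off).second) throw std::runtime_error("IFD offset seen twice");
        ++visited;
        uint32_t count = rd(b, off, 2);
        for (uint32_t i = 0; i < count; ++i) {
            size_t entry = size_t(off) + 2 + 12 * size_t(i);
            uint32_t tag = rd(b, entry, 2);
            if (tag == 0x8769 || tag == 0x8825)  // Exif and GPS IFD pointers
                visited += walkIfd(b, rd(b, entry + 8, 4), depth + 1, seen);
        }
        off = rd(b, size_t(off) + 2 + 12 * size_t(count), 4);
    }
    return visited;
}

// Returns the number of IFDs reached, or -1 when the file is rejected.
int countIfds(const Bytes& tiff) {
    try {
        if (rd(tiff, 0, 2) != 0x4949 || rd(tiff, 2, 2) != 42) return -1;
        std::set<uint32_t> seen;
        return walkIfd(tiff, rd(tiff, 4, 4), 0, seen);
    } catch (const std::runtime_error&) { return -1; }
}

// Constructed sample: IFD0 at offset 8 holds one Exif pointer; empty IFD at offset 26.
Bytes makeSample(uint8_t exifTarget) {
    return {0x49, 0x49, 0x2A, 0, 8, 0, 0, 0,  1, 0,            // header, entry count
            0x69, 0x87, 4, 0, 1, 0, 0, 0, exifTarget, 0, 0, 0,  // tag 0x8769, LONG
            0, 0, 0, 0,  0, 0, 0, 0, 0, 0};                     // next=0; empty IFD
}
```

`makeSample(26)` is a well-formed file with two IFDs; `makeSample(8)` points the Exif IFD back at IFD0, the self-referential shape a walker without these guards would follow until the stack is exhausted.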