heap-buffer-overflow in Exiv2::IptcData::printStructure #159
Comments
This commit adds an out-of-bounds protection in the case that the extracted values for offset & count are summed up larger than the size of the file. Also this function checks for overflows before performing the addition. This fixes Exiv2#159
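The two checks the commit message describes (reject offset + count beyond the buffer, and reject before the addition can wrap) are shown below in a small added example. It is not Exiv2 code and does not mirror the real IPTC layout; the 8-byte big-endian offset/count header and the function names `naiveInRange`, `safeInRange` and `extractSlice` are invented for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Naive range check. If count is attacker-controlled and close to SIZE_MAX,
// offset + count wraps around and the comparison passes although the range
// lies far outside the buffer: the classic path to a heap read overflow.
bool naiveInRange(std::size_t offset, std::size_t count, std::size_t size) {
    return offset + count <= size;
}

// Overflow-safe range check. Both comparisons operate on values that cannot
// wrap, and together they are equivalent to "offset + count <= size"
// evaluated without overflow.
bool safeInRange(std::size_t offset, std::size_t count, std::size_t size) {
    if (offset > size) return false;
    if (count > size - offset) return false;
    return true;
}

// Reads a 32-bit big-endian value; the caller guarantees 4 bytes are available.
static uint32_t readU32BE(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
           (uint32_t(p[2]) << 8)  |  uint32_t(p[3]);
}

// Hypothetical record layout (not a real IPTC structure): 4-byte big-endian
// offset, 4-byte big-endian count, followed by payload bytes. Copies the
// referenced bytes into `out` only if they lie entirely inside `data`.
bool extractSlice(const std::vector<uint8_t>& data, std::vector<uint8_t>& out) {
    if (data.size() < 8) return false;              // the header itself must fit
    std::size_t offset = readU32BE(&data[0]);
    std::size_t count  = readU32BE(&data[4]);
    if (!safeInRange(offset, count, data.size())) return false;
    out.assign(data.data() + offset, data.data() + offset + count);
    return true;
}

int main() {
    // Constructed input: header points at the 4 payload bytes "ABCD".
    std::vector<uint8_t> good = {0,0,0,8, 0,0,0,4, 'A','B','C','D'};
    // Constructed input: same payload, but count claims 0xFFFFFFFF bytes.
    std::vector<uint8_t> bad  = {0,0,0,8, 0xFF,0xFF,0xFF,0xFF, 'A','B','C','D'};
    std::vector<uint8_t> out;
    std::printf("good: %s\n", extractSlice(good, out) ? "accepted" : "rejected");
    std::printf("bad:  %s\n", extractSlice(bad, out) ? "accepted" : "rejected");
    std::printf("naive check with wrapping count: %s\n",
                naiveInRange(8, SIZE_MAX - 4, 16) ? "passes (wrong)" : "fails");
    return 0;
}
```

Writing the check as `count > size - offset` (after `offset > size` has been ruled out) avoids computing the sum at all, so there is no addition that could wrap regardless of how the untrusted values were chosen.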
Thanks for the report, the issue should be fixed by #160.
Hello. I checked the patch. But I found a new bug. Please confirm. Thanks. PoC download: PoC
Can you provide the image in another format, please. I don't know how to decompress a .DMS file on the Mac.
The file printStructure.dms is an image (it's not a compressed image). The PR disable-printStructure fixes this. However, I haven't added printStructure.dms to the test suite. I'm 100% defeated by Git and PR disable-printStructure_ which appears to include the totally unrelated PR documentation-update. The PR disable-printStructure breaks the test suite and although I know how to fix the suite on my local machine, I don't know how to submit my fix to master.
Can I ask you to unravel the mess with this issue, PR disable-printStructure and PR documentation-update. I feel totally locked out of Exiv2 by Git. I'm unable to submit anything to the system. Alison and I are off to weddings in Scotland and Vietnam tomorrow (2017-11-16). We get home on 2017-12-05. I'll answer email while travelling. I'm not going to attempt to interact with Git. Assuming that disable-printStructure has the effect of stabilising the security of Exiv2, I'll be happy to work in December on publishing v0.27. The website was moved to SVN in September and I can make the release without touching Git. And then it is time for me to retire. In 2018 I am willing to continue answering user issues about Exiv2 and to help you in any way with the project via email or Slack. However, I am defeated by Git and locked out of http://github.com/exiv2/exiv2
Hi @gy741, I was spending some time checking out all the open issues in the project and you are right. The second PoC you provided is still making exiv2 crash (when using the sanitizers). However the issue with the first PoC is solved. Our plan is to stop using the printStructure function soon. We'll keep you updated.
The bug described in the issue got resolved by PR Exiv2#461 (slices).
Hello.
I found a heap-buffer-overflow bug in exiv2.
Please confirm.
Thanks.
OS: Ubuntu 16.04 64bit
Steps to reproduce:
1. Download the PoC files.
2. Compile the source code with ASan.
PoC download: PoC