You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
$./exiv2 POC6
ORF IMAGE
Error: Directory Image, entry 0x0000 has invalid size 4294967295*1; skipping entry.
Error: Offset of directory Image, entry 0x0000 is out of bounds: Offset = 0x7e000000; truncating the entry
Error: Offset of directory Image, entry 0x0111 is out of bounds: Offset = 0x7e000000; truncating the entry
File name : id:000023,sig:06,src:001147+000847,op:splice,rep:2
File size : 60 Bytes
MIME type : image/x-olympus-orf
Image size : 0 x 0
Camera make :
Camera model :
Image timestamp :
Image number :
Exposure time :
Aperture :
Exposure bias :
Flash :
Flash bias :
Focal length :
Subject distance:
ISO speed :
Exposure mode :
Metering mode :
Macro mode :
Image quality :
Exif Resolution :
White balance :
Thumbnail : None
Copyright :
Exif comment :
Segmentation fault
GDB debugging information is as follows:
(gdb) set args POC6
(gdb) r
...
Continuing.
ORF IMAGE
Error: Directory Image, entry 0x0000 has invalid size 4294967295*1; skipping entry.
Error: Offset of directory Image, entry 0x0000 is out of bounds: Offset = 0x7e000000; truncating the entry
Error: Offset of directory Image, entry 0x0111 is out of bounds: Offset = 0x7e000000; truncating the entry
File name : id:000023,sig:06,src:001147+000847,op:splice,rep:2
File size : 60 Bytes
MIME type : image/x-olympus-orf
Image size : 0 x 0
Camera make :
Camera model :
Image timestamp :
Image number :
Exposure time :
Aperture :
Exposure bias :
Flash :
Flash bias :
Focal length :
Subject distance:
ISO speed :
Exposure mode :
Metering mode :
Macro mode :
Image quality :
Exif Resolution :
White balance :
Thumbnail : None
Copyright :
Exif comment :
Breakpoint 3, main (argc=<optimized out>, argv=<optimized out>) at exiv2.cpp:176
176 Exiv2::XmpParser::terminate();
(gdb) n
155 Action::Task::AutoPtr task
(gdb) n
180 } // main
(gdb)
Breakpoint 2, __libc_start_main (main=0x4e24c0 <main(int, char* const*)>, argc=2, argv=0x7fffffffe598,
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe588) at libc-start.c:323
323 libc-start.c: No such file or directory.
(gdb) s
__GI_exit (status=0) at exit.c:104
104 exit.c: No such file or directory.
(gdb) n
103 in exit.c
(gdb)
104 in exit.c
(gdb)
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb)
This vulnerability was triggered after the function __GI_exit (status=0) exit.c:104 after function main() exit.
The text was updated successfully, but these errors were encountered:
I'm forwarding a security vulnerability reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=1470950
The file used to reproduce the issue is here:
https://bugzilla.redhat.com/attachment.cgi?id=1298135
(it's a rar archive containing the actual reproducer file)
Here's a copy of the report:
This vulnerability was triggered after the function __GI_exit (status=0) exit.c:104 after function main() exit.
The text was updated successfully, but these errors were encountered: