heap-buffer-overflow write in Exiv2::Jp2Image::doWriteMetadata #1529
Comments
Please provide your command-line to reproduce this issue. I will fix this later today. I did intend to release Exiv2 v0.27.4 RC2 today. I will delay that for a few days to deal with anything else you discover in the next few days.
exiv2 in tests_83a94b3337206caa6803f625eb63db061395cf14
Thanks. I am now able to reproduce this. It will be fixed today.

559 rmills@rmillsmm-local:~/gnu/github/exiv2/0.27-maintenance/build/foo $ ls -l
total 88
-rw-r--r--@ 1 rmills staff 40609 8 Apr 08:01 tests_83a94b3337206caa6803f625eb63db061395cf14
-rw-r--r--@ 1 rmills staff 9 8 Apr 08:09 tests_83a94b3337206caa6803f625eb63db061395cf14.exv
560 rmills@rmillsmm-local:~/gnu/github/exiv2/0.27-maintenance/build/foo $ exiv2 in tests_83a94b3337206caa6803f625eb63db061395cf14
=================================================================
==52084==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000001b7 at pc 0x00010525f7f4 bp 0x7ffeeab2ed10 sp 0x7ffeeab2ed08
WRITE of size 8 at 0x6020000001b7 thread T0
#0 0x10525f7f3 in Exiv2::Jp2Image::doWriteMetadata(Exiv2::BasicIo&)+0x2143 (libexiv2.0.27.4.2.dylib:x86_64+0xf27f3)

I will delay releasing Exiv2 v0.27.4 RC2 to deal with any other issues that you discover.
CVE-2021-31291 has been assigned for this issue.
VERSION
exiv2 0.27.4.1
https://github.com/Exiv2/exiv2/tree/0.27-maintenance
REPRODUCE
Compile exiv2 with asan:
Download testcases:
https://github.com/henices/pocs/raw/master/tests_83a94b3337206caa6803f625eb63db061395cf14
https://github.com/henices/pocs/raw/master/tests_83a94b3337206caa6803f625eb63db061395cf14.exv
exiv2 in tests_83a94b3337206caa6803f625eb63db061395cf14
Credit: Zhen Zhou of NSFOCUS Security Team
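The reproduction above ends in an AddressSanitizer report, and a fuzzing campaign against a parser like this typically yields many such reports that must be bucketed by crash site before they are filed. The script below is an added example, not code from the Exiv2 project or from this issue's participants: it reduces an ASan report to a signature (bug class, access type and size, top frame) and wraps the issue's own reproduction step, `exiv2 in <file>`, which inserts the metadata from the matching `.exv` sidecar into the file. The embedded report is the one from this thread, trimmed to the lines the parser reads; the path to an ASan-instrumented `exiv2` binary passed to `triage_file` is assumed to exist and is not built by the script.

```shell
#!/usr/bin/env bash
# Added example (not Exiv2 project code): bucket AddressSanitizer reports by
# crash signature so repeated fuzzer hits on the same site are deduplicated.
set -u

# Constructed sample: the ASan report from this issue, trimmed to the lines parsed below.
ASAN_SAMPLE='=================================================================
==52084==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000001b7 at pc 0x00010525f7f4 bp 0x7ffeeab2ed10 sp 0x7ffeeab2ed08
WRITE of size 8 at 0x6020000001b7 thread T0
    #0 0x10525f7f3 in Exiv2::Jp2Image::doWriteMetadata(Exiv2::BasicIo&)+0x2143 (libexiv2.0.27.4.2.dylib:x86_64+0xf27f3)'

# asan_signature REPORT
#   Prints "class|access|size|frame0" for an ASan report given as a string.
#   Returns 1 (prints nothing) when the text carries no sanitizer error, so a
#   clean run is never mistaken for a crash. Fields that a report class does
#   not carry (e.g. no READ/WRITE line for SEGV) are printed as "-".
asan_signature() {
  local report="$1" class access size frame
  class=$(printf '%s\n' "$report" \
    | sed -E -n 's/.*ERROR: AddressSanitizer: ([A-Za-z-]+).*/\1/p' | head -n 1)
  [ -n "$class" ] || return 1
  access=$(printf '%s\n' "$report" \
    | sed -E -n 's/^(READ|WRITE) of size ([0-9]+) .*/\1/p' | head -n 1)
  size=$(printf '%s\n' "$report" \
    | sed -E -n 's/^(READ|WRITE) of size ([0-9]+) .*/\2/p' | head -n 1)
  # Top frame: prefer the "func+0xoffset (module)" form seen in this issue,
  # and fall back to the first token after " in " for other symbolizer layouts.
  frame=$(printf '%s\n' "$report" \
    | sed -E -n 's/^[[:space:]]*#0 0x[0-9a-f]+ in (.+)\+0x[0-9a-f]+ \(.*$/\1/p' | head -n 1)
  [ -n "$frame" ] || frame=$(printf '%s\n' "$report" \
    | sed -E -n 's/^[[:space:]]*#0 0x[0-9a-f]+ in ([^ ]+).*/\1/p' | head -n 1)
  printf '%s|%s|%s|%s\n' "$class" "${access:--}" "${size:--}" "${frame:-?}"
}

# triage_file EXIV2_BIN POC
#   Runs the reproduction step from the issue ("exiv2 in <file>", which reads
#   <file>.exv) under ASan and prints the crash signature, or "clean" when the
#   run produced no sanitizer error. EXIV2_BIN is assumed to have been built
#   with -fsanitize=address; ASAN_OPTIONS keeps the process alive long enough
#   to emit the report and asks for symbolized frames.
triage_file() {
  local out
  out=$(ASAN_OPTIONS=symbolize=1:abort_on_error=0 "$1" in "$2" 2>&1) || true
  asan_signature "$out" || printf 'clean\n'
}

# Usage (assumed paths):
#   triage_file ./build/bin/exiv2 tests_83a94b3337206caa6803f625eb63db061395cf14
# prints, for the report in this issue:
#   heap-buffer-overflow|WRITE|8|Exiv2::Jp2Image::doWriteMetadata(Exiv2::BasicIo&)
```

Two signatures that agree on class and top frame can be treated as the same bug for filing purposes even when the faulting address or access size differs, since those vary with the input while the overflowing write site does not; the access size is kept in the signature because a change in it after a fix is a cheap signal that a patch only moved the bug.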