AddressSanitizer: heap-buffer-overflow at iptc.cpp:464 #427
Comments
I could easily reproduce the issue but it does not seem trivial to fix. The problem seems to be in the IptcParser::decode method.
Thanks for looking into this @piponazo. I've also assigned myself to this. It's unlikely that we will resolve this for v0.27 RC1.
This issue was fixed by #518
@piponazo Do you mind us requesting CVEs?
@hongxuchen what do you mean exactly? I am not familiar with how CVEs work, but I am happy with the reports you are sending about vulnerabilities in Exiv2. We will try to fix all the possible vulnerabilities that are reported.
@piponazo I mean requesting a CVE id for a vulnerability. Usually it is requested by a developer, a reporter, or someone else, given that the vulnerability can be confirmed.
For me it is totally fine, as long as it does not increase my workload 😉. We will analyse the issues reported to our GitHub project, whether they have an assigned CVE or not.
@piponazo Thanks, we will post the CVE ID if accepted 😃
This got assigned CVE-2018-19107 (root cause is the same as CVE-2018-19108, however two vulnerabilities).
When running
exiv2 $FILE
(5940c6f) against psd files, ASAN reports a heap-buffer-overflow error.
POCs:
https://github.com/ntu-sec/pocs/blob/master/exiv2-5940c6f3/crashes/hbo_iptc.cpp:464_1.psd?raw=true
https://github.com/ntu-sec/pocs/blob/master/exiv2-5940c6f3/crashes/hbo_iptc.cpp:464_2.psd?raw=true
ASAN output: