Integer overflow causes out-of-bounds read in CiffDirectory::readDirectory() #843

Closed
@kevinbackhouse

Description

The problem is that the calculation of o+2 can overflow at crwimage_int.cpp:284.

issue_843_poc

Reproducible on the 0.27-maintenance branch (f4a37c6):

exiv2 issue_843_poc.jpg
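
The overflow pattern named in the report, as an added illustration that is not code from Exiv2 or from the reporter. It assumes `o` is an unsigned 32-bit offset taken from the file and compared against a buffer size before a 2-byte read; all function names and the sample buffer are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical check in the shape the report describes: "o + 2" is computed
// in 32-bit unsigned arithmetic, so it wraps modulo 2^32 for o >= 0xFFFFFFFE.
bool wrapping_check_accepts(uint32_t o, uint32_t size) {
    uint32_t end = o + 2u;          // wraps to 0 or 1 for the two largest offsets
    return !(end > size);
}

// Overflow-free form: move the constant to the side that cannot wrap.
bool safe_check_accepts(uint32_t o, uint32_t size) {
    return size >= 2u && o <= size - 2u;
}

// Bounds-checked little-endian 16-bit read; returns false instead of reading
// outside [data, data + size).
bool read_u16_le(const uint8_t* data, uint32_t size, uint32_t o, uint16_t* out) {
    if (!safe_check_accepts(o, size)) return false;
    *out = static_cast<uint16_t>(data[o] | (data[o + 1u] << 8));
    return true;
}

int main() {
    // Constructed 16-byte buffer; the last two bytes hold 0x1234 little-endian.
    uint8_t buf[16] = {0};
    buf[14] = 0x34; buf[15] = 0x12;
    const uint32_t offsets[] = {14u, 15u, 0xFFFFFFFEu, 0xFFFFFFFFu};
    for (uint32_t o : offsets) {
        uint16_t v = 0;
        bool ok = read_u16_le(buf, sizeof buf, o, &v);
        std::printf("o=0x%08X wrapping=%d safe=%d value=0x%04X\n",
                    static_cast<unsigned>(o), wrapping_check_accepts(o, 16u),
                    ok, static_cast<unsigned>(v));
    }
    return 0;
}
```

The two largest offsets pass the wrapping check even though they lie far outside the 16-byte buffer; the rearranged comparison rejects them.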
