Bug #1314

It is a stack-overflow vulnerability in Exiv2::Internal::stringFormat[abi:cxx11] (in image.cpp:975)

Added by Zhu Liu 3 months ago. Updated 3 months ago.

Status: New
Start date: 23 Sep 2017
Priority: Normal
Due date: -
Assignee: -
% Done: 0%

Category:miscellaneous
Target version:0.27

Description

I've submitted the vulnerability on bugzilla.redhat.com. The link is: https://bugzilla.redhat.com/show_bug.cgi?id=1494787

./exiv2 009-stack-over
ASAN:SIGSEGV =================================================================
65094ERROR: AddressSanitizer: stack-overflow on address 0x7ffe028e0e88 (pc 0x7f1dab2e2b79 bp 0x7ffe028e1740 sp 0x7ffe028e0e90 T0)
#0 0x7f1dab2e2b78 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x5fb78)
#1 0x7f1dab2e4145 in __interceptor_vsnprintf (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x61145)
#2 0x7f1daab94e09 in Exiv2::Internal::stringFormat[abi:cxx11](char const*, ...) /root/fuzzing/exiv2-trunk/src/image.cpp:975
#3 0x7f1daab8fc59 in Exiv2::Image::printIFDStructure(Exiv2::BasicIo&, std::ostream&, Exiv2::PrintStructureOption, unsigned int, bool, char, int) /root/fuzzing/exiv2-trunk/src/image.cpp:357
#4 0x7f1daab9097c in Exiv2::Image::printIFDStructure(Exiv2::BasicIo&, std::ostream&, Exiv2::PrintStructureOption, unsigned int, bool, char, int) /root/fuzzing/exiv2-trunk/src/image.cpp:445
#5 0x7f1daab9097c in Exiv2::Image::printIFDStructure(Exiv2::BasicIo&, std::ostream&, Exiv2::PrintStructureOption, unsigned int, bool, char, int) /root/fuzzing/exiv2-trunk/src/image.cpp:445
#6 0x7f1daab9097c in Exiv2::Image::printIFDStructure(Exiv2::BasicIo&, std::ostream&, Exiv2::PrintStructureOption, unsigned int, bool, char, int) /root/fuzzing/exiv2-trunk/src/image.cpp:445
#7 0x7f1daab9097c in Exiv2::Image::printIFDStructure(Exiv2::BasicIo&, std::ostream&, Exiv2::PrintStructureOption, unsigned int, bool, char, int) /root/fuzzing/exiv2-trunk/src/image.cpp:445
#8 0x7f1daab9097c in Exiv2::Image::printIFDStructure(Exiv2::BasicIo&, std::ostream&, Exiv2::PrintStructureOption, unsigned int, bool, char, int) /root/fuzzing/exiv2-trunk/src/image.cpp:445
#9 0x7f1daab9097c in Exiv2::Image::printIFDStructure(Exiv2::BasicIo&, std::ostream&, Exiv2::PrintStructureOption, unsigned int, bool, char, int) /root/fuzzing/exiv2-trunk/src/image.cpp:445
#10 0x7f1daab9097c in Exiv2::Image::printIFDStructure(Exiv2::BasicIo&, std::ostream&, Exiv2::PrintStructureOption, unsigned int, bool, char, int) /root/fuzzing/exiv2-trunk/src/image.cpp:445
.....
.....
.....
.....
SUMMARY: AddressSanitizer: stack-overflow ??:0 ??
65094ABORTING

009-stack-over (340 Bytes) Zhu Liu, 23 Sep 2017 03:53
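The trace above shows Exiv2::Image::printIFDStructure re-entering itself at image.cpp:445 frame after frame until the stack is exhausted inside vsnprintf. The following is an added example, not Exiv2 code and not part of this report: it walks a minimal, constructed TIFF-style IFD chain and shows the defensive pattern for this class of bug, an explicit recursion depth bound together with a bounds check on every read, so a self-referencing SubIFDs entry fails cleanly instead of overflowing the stack. The IFD layout is deliberately simplified (only the standard SubIFDs tag 0x014A with a single LONG offset is followed), and the depth limit of 8 and the sample byte buffers are assumptions constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_IFD_DEPTH 8      /* assumed limit: real TIFF files nest a handful of IFDs at most */
#define TAG_SUBIFDS   0x014A /* standard TIFF SubIFDs tag */
#define TYPE_LONG     4

enum { IFD_OK = 0, IFD_ERR_BOUNDS = -1, IFD_ERR_DEPTH = -2 };

/* Little-endian readers that refuse to read past the end of the buffer. */
static int rd16(const uint8_t *b, size_t len, size_t off, uint16_t *out) {
    if (off > len || len - off < 2) return 0;
    *out = (uint16_t)(b[off] | (b[off + 1] << 8));
    return 1;
}
static int rd32(const uint8_t *b, size_t len, size_t off, uint32_t *out) {
    if (off > len || len - off < 4) return 0;
    *out = (uint32_t)b[off] | ((uint32_t)b[off + 1] << 8) |
           ((uint32_t)b[off + 2] << 16) | ((uint32_t)b[off + 3] << 24);
    return 1;
}

/* Walk an IFD at `off`, descending into SubIFDs. `depth` is the recursion
 * level; `ifds_seen` counts IFDs visited. Returns IFD_OK, IFD_ERR_BOUNDS when
 * an offset leaves the buffer, or IFD_ERR_DEPTH when nesting exceeds the bound. */
int walk_ifd(const uint8_t *buf, size_t len, uint32_t off, int depth, int *ifds_seen) {
    if (depth > MAX_IFD_DEPTH) return IFD_ERR_DEPTH;   /* the guard the crash lacks */
    uint16_t n;
    if (!rd16(buf, len, off, &n)) return IFD_ERR_BOUNDS;
    (*ifds_seen)++;
    for (uint16_t i = 0; i < n; i++) {
        size_t e = (size_t)off + 2 + (size_t)i * 12;   /* 12-byte directory entry */
        uint16_t tag, type;
        uint32_t cnt, val;
        if (!rd16(buf, len, e, &tag) || !rd16(buf, len, e + 2, &type) ||
            !rd32(buf, len, e + 4, &cnt) || !rd32(buf, len, e + 8, &val))
            return IFD_ERR_BOUNDS;
        if (tag == TAG_SUBIFDS && type == TYPE_LONG && cnt == 1) {
            int rc = walk_ifd(buf, len, val, depth + 1, ifds_seen);
            if (rc != IFD_OK) return rc;
        }
    }
    return IFD_OK;
}

/* Constructed sample 1: one IFD whose SubIFDs entry points back at itself (offset 8).
 * Without the depth bound this recurses until the stack is gone. */
const uint8_t cyclic_ifd[] = {
    'I', 'I', 0x2A, 0x00, 0x08, 0x00, 0x00, 0x00,             /* header: first IFD at 8 */
    0x01, 0x00,                                               /* 1 entry */
    0x4A, 0x01, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, /* SubIFDs -> 8 */
    0x00, 0x00, 0x00, 0x00                                    /* next IFD: none */
};
const size_t cyclic_ifd_len = sizeof cyclic_ifd;

/* Constructed sample 2: a well-formed file, SubIFDs entry points to an empty IFD at 26. */
const uint8_t sane_ifd[] = {
    'I', 'I', 0x2A, 0x00, 0x08, 0x00, 0x00, 0x00,
    0x01, 0x00,
    0x4A, 0x01, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1A, 0x00, 0x00, 0x00, /* SubIFDs -> 26 */
    0x00, 0x00, 0x00, 0x00,
    0x00, 0x00,                                               /* IFD at 26: 0 entries */
    0x00, 0x00, 0x00, 0x00
};
const size_t sane_ifd_len = sizeof sane_ifd;

/* Constructed sample 3: SubIFDs offset (1000) lies outside the buffer. */
const uint8_t truncated_ifd[] = {
    'I', 'I', 0x2A, 0x00, 0x08, 0x00, 0x00, 0x00,
    0x01, 0x00,
    0x4A, 0x01, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0xE8, 0x03, 0x00, 0x00, /* SubIFDs -> 1000 */
    0x00, 0x00, 0x00, 0x00
};
const size_t truncated_ifd_len = sizeof truncated_ifd;

int main(void) {
    int seen;
    seen = 0; printf("cyclic:    rc=%d ifds=%d\n", walk_ifd(cyclic_ifd, cyclic_ifd_len, 8, 0, &seen), seen);
    seen = 0; printf("sane:      rc=%d ifds=%d\n", walk_ifd(sane_ifd, sane_ifd_len, 8, 0, &seen), seen);
    seen = 0; printf("truncated: rc=%d ifds=%d\n", walk_ifd(truncated_ifd, truncated_ifd_len, 8, 0, &seen), seen);
    return 0;
}
```

The cyclic sample stops after MAX_IFD_DEPTH + 1 IFDs with IFD_ERR_DEPTH, the truncated sample is rejected by the bounds check before any out-of-range read, and the well-formed sample walks both IFDs. For detection, a parser that returns a distinct error code for depth exhaustion lets a fuzzing harness or a log pipeline separate malformed-but-handled inputs from genuine parser faults.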

History

#1 Updated by Robin Mills 3 months ago

  • Assignee deleted (Robin Mills)
  • Priority changed from Urgent to Normal
