Exiv2

14 Mar 2013

15:06 Exiv2 Bug #890: ASF: heap overflow

If Abhinav or others familiar with the project can find the time to fix these bugs, then I think it's a much better i... Alyssa Milburn

14:46 Exiv2 Bug #893 (Assigned): EPS: crash on invalid input

epsimage.cpp:329/335 don't detect overflow of pos+size (and don't error out in the read case anyway). You can crash 3... Alyssa Milburn

13 Mar 2013

16:16 Exiv2 Bug #890: ASF: heap overflow

You need to also check for dataLength being too low in your new checks on quicktimevideo.cpp:1082/1100/1119/1138, bec... Alyssa Milburn

15:35 Exiv2 Bug #890: ASF: heap overflow

That certainly fixes my testcase. I'll check the other cases, thanks for the quick response.
Unfortunately (sorry!... Alyssa Milburn

12 Mar 2013

13:32 Exiv2 Bug #891 (New): MRW: potential infinite loop on invalid input

In 32-bit builds, the seek on mrwimage.cpp:135 can be backwards if the input file has a large enough value for siz, a... Alyssa Milburn

11 Mar 2013

07:49 Exiv2 Bug #890 (Closed): ASF: heap overflow

asfvideo.cpp:624 reads dataLength amount of data into a buffer of size 500, causing a heap overflow if dataLength>500... Alyssa Milburn

07:38 Exiv2 Bug #889 (Closed): CRW: crashes when passed invalid data

crwimage.cpp is missing some sanity checks, leading to crashes when trying to load malformed CRW files.
The offset... Alyssa Milburn

02:38 Exiv2 Bug #888: (near-)infinite loop in video decoders

Sorry, if you don't care about bugs caused by invalid data, these bugs are irrelevant. That's why I said "I don't kno... Alyssa Milburn

10 Mar 2013

16:02 Exiv2 Bug #888 (Closed): (near-)infinite loop in video decoders

If I hand RiffVideo::nikonTagsHandler() data with a size value <4, then it subtracts 4 from it (riffvideo.cpp:745 at ... Alyssa Milburn