Project

General

Profile

Bug #9520

libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)

Added by Alicha CH 8 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
10/08/2018
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:

Description

One heap-based out-of-bounds read vulnerabiltiy exists in libexif-0.6.21. When saving the data of an entry tagged with “EXIF_TAG_MAKER_NOTE” to
a buffer and copying the data of the exif entry, there is a mismatch between the computed read size of the entry data and the size of the allocated entry data.
The vulnerability can cause Denial-of-Service, even Information Disclosure (disclosing some critical heap chunk metadata, even other applications’ private data).

References:

https://sourceforge.net/p/libexif/bugs/130/
https://nvd.nist.gov/vuln/detail/CVE-2017-7544


Subtasks

Bug #9521: [3.9] libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)ClosedNatanael Copa

Bug #9522: [3.8] libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)ClosedNatanael Copa

Bug #9523: [3.7] libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)ClosedNatanael Copa

Bug #9524: [3.6] libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)ClosedNatanael Copa

Bug #9525: [3.5] libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)ClosedNatanael Copa

History

#1 Updated by Leonardo Arena 8 months ago

  • Status changed from New to Resolved

#2 Updated by Alicha CH 8 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2017-7544)

Also available in: Atom PDF