Bug 1127463 (CVE-2019-9144) - VUL-0: CVE-2019-9144: exiv2: infinite recursion in BigTiffImage:printIFD in bigtiffimage.cpp causing denial of service
Status: RESOLVED FIXED
Alias: CVE-2019-9144
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/225406/
Whiteboard: CVSSv3:SUSE:CVE-2019-9144:6.5:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2019-03-01 07:51 UTC by Marcus Meissner
Modified: 2024-05-07 09:21 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
h2 (3.63 KB, application/octet-stream)
2019-03-01 07:53 UTC, Marcus Meissner

Description Marcus Meissner 2019-03-01 07:51:46 UTC
rh#1683201

An issue was discovered in Exiv2 0.27. There is infinite recursion at
BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a
crafted file. It allows an attacker to cause Denial of Service (Segmentation
fault) or possibly have unspecified other impact.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1683201
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9144
http://www.securityfocus.com/bid/107161
https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymous-namespacebigtiffimageprintifd-exiv2-0-27/
https://github.com/Exiv2/exiv2/issues/712
Comment 1 Marcus Meissner 2019-03-01 07:53:47 UTC
Created attachment 798519
h2

QA REPRODUCER:

exiv2 -b -u -k -p R pr h2

endless loop
Comment 3 Dirk Mueller 2020-02-19 08:52:15 UTC
There is a comment that this only affects debug builds. Will check.
Comment 4 Carlos López 2022-05-10 12:02:21 UTC
(In reply to Dirk Mueller from comment #3)
> There is a comment that this only affects debug builds. Will check.

Hi, did you verify it? That might only be true from version 0.27 onwards:
https://github.com/Exiv2/exiv2/issues/711#issuecomment-467209123
Comment 6 Dirk Mueller 2022-10-28 16:34:13 UTC
Verified again: 

bdd765ec4c84:/tmp # rpm -q exiv2
exiv2-0.26-150000.6.38.1.x86_64
bdd765ec4c84:/tmp # exiv2 -b -u -k -p R pr h2
exiv2: Action not available in Release mode: 'R'
Usage: exiv2 [ options ] [ action ] file ...

Manipulate the Exif metadata of images.
bdd765ec4c84:/tmp # exiv2 -b -u -k  pr h2
Exiv2 exception in print action for file h2:
h2: The file contains data of an unknown image type


We're not compiling the code.
Comment 7 Thomas Leroy 2024-05-07 09:21:53 UTC
All done, closing.