Improper boundary checking -> SIGSEGV
Bug #13499 reported by
Sylvain Defresne
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libexif (Ubuntu) |
Fix Released
|
Critical
|
Martin Pitt |
Bug Description
The exif library fails to validate input in several place, and
jpeg image with invalid exif data may crash user application.
The attached patch fixes some obvious improper access to data
without checking boundary. There may be others that I have not
found (as I have just given it a quick look to correct a crash
caused by some of my images).
To post a comment you must log in.
Created an attachment (id=1508)
The patch mentionned in the bug report
This patch simply return from the exif_data_load_data function when
reading data at the given offset will read outside the data buffer.