-
Notifications
You must be signed in to change notification settings - Fork 282
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Overflow in exiv2 #1019
Comments
Hi. Please provide repducuction material and, if possible, it would be really nice of you to also provide a fix. |
Below is command for reproducing the bug. Please unzip POC before running. ./exiv2 -pv POC-file.zip Machine Setup
@phako Currently I am unaware of fix. |
This seems to catch that but I am not sure that this is correct place for it.
|
Corrupted or specially crafted CRW images might exceed the overall buffersize. Fixes Exiv2#1019
@phako You can edit the title of the ticket inorder to point to correct vulnerability. |
(cherry picked from commit 73b874f)
Corrupted or specially crafted CRW images might exceed the overall buffersize. Fixes Exiv2#1019
We found vulnerability in exiv2 binary and exiv2 is complied with clang enabling ASAN.
Machine Setup
ASAN Output
The text was updated successfully, but these errors were encountered: