Package: exifprobe
Version: 2.0.1+git20201230.eee65ff-2
Severity: important
X-Debbugs-Cc: [email protected]

Dear Maintainer,

During fuzz testing of exifprobe, a stack overflow was discovered that prevents the program from functioning correctly.

Build options

```
git clone https://salsa.debian.org/pkg-security-team/exifprobe.git
cd exifprobe
CC="clang -fsanitize=address" CXX="clang++ -fsanitize=address" make
```

ASAN Log

```
./exifprobe exifprobe-stack-overflow
=================================================================
==2498689==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe57990e88 (pc 0x00000043ebd1 bp 0x7ffe57991710 sp 0x7ffe57990e90 T0)
    #0 0x43ebd1 in printf_common(void*, char const*, __va_list_tag*) /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors_format.inc:496:3
    #1 0x43f91e in vsnprintf /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1651:1
    #2 0x4416f5 in snprintf /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1722:1
    #3 0x52efdf in splice exifprobe/misc.c:1315:5
    #4 0x507cd5 in process_tiff_ifd exifprobe/process.c:183:38
    #5 0x5184e4 in process_subifd exifprobe/process.c:2118:40
    #6 0x50cb41 in process_tiff_ifd exifprobe/process.c:667:40
    #7 0x5184e4 in process_subifd exifprobe/process.c:2118:40
    #8 0x50cb41 in process_tiff_ifd exifprobe/process.c:667:40
    #9 0x5184e4 in process_subifd exifprobe/process.c:2118:40
    #10 0x50cb41 in process_tiff_ifd exifprobe/process.c:667:40
    #11 0x5184e4 in process_subifd exifprobe/process.c:2118:40
    #12 0x50cb41 in process_tiff_ifd exifprobe/process.c:667:40
    #13 0x5184e4 in process_subifd exifprobe/process.c:2118:40
    ...
```

The poc file used can be downloaded from the link below.

- https://drive.google.com/file/d/1ix_8OSUaQiLYDyG0LFIPy4khSYreGygf/view?usp=drive_link

This bug (vulnerability) can affect availability, causing the program to fail to terminate properly. Therefore, measures should be taken to prevent infinite function calls from occurring.

-- System Information:
Debian Release: 13.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-153-generic (SMP w/64 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages exifprobe depends on:
ii  libc6  2.41-12

exifprobe recommends no packages.

exifprobe suggests no packages.

-- no debconf information
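
The trace above alternates between `process_tiff_ifd` and `process_subifd` until the stack is exhausted. The following is an added example, not exifprobe's code and not part of the report, of one way a TIFF IFD walker can bound that recursion with a visited-offset list and a depth limit. All names and limits are hypothetical, and it assumes a little-endian file and a SubIFDs entry holding a single inline offset.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_IFD_DEPTH 8    /* assumed nesting limit, not an exifprobe value */
#define MAX_SEEN 64        /* assumed cap on distinct IFDs per file */
#define TAG_SUBIFDS 0x014A /* TIFF SubIFDs tag */

struct walk { const uint8_t *buf; size_t len; uint32_t seen[MAX_SEEN]; int nseen; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the number of IFDs visited, or -1 for a loop, excess depth or bad offset. */
static int walk_ifd(struct walk *w, uint32_t off, int depth) {
    if (depth > MAX_IFD_DEPTH || off > w->len || w->len - off < 2) return -1;
    for (int i = 0; i < w->nseen; i++)
        if (w->seen[i] == off) return -1;            /* offset already parsed: cycle */
    if (w->nseen == MAX_SEEN) return -1;
    w->seen[w->nseen++] = off;
    uint16_t n = rd16(w->buf + off);
    if ((w->len - off - 2) / 12 < n) return -1;      /* entries must fit in the file */
    int total = 1;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = w->buf + off + 2 + 12u * i;
        if (rd16(e) != TAG_SUBIFDS) continue;
        int r = walk_ifd(w, rd32(e + 8), depth + 1); /* recursion is now bounded */
        if (r < 0) return -1;
        total += r;
    }
    return total;
}

/* Constructed 32-byte sample: IFD0 at offset 8 with one SubIFDs entry -> sub_off. */
int check_sample(uint32_t sub_off) {
    uint8_t b[32] = { 'I','I',42,0, 8,0,0,0,  1,0,  0x4A,0x01, 4,0, 1,0,0,0 };
    b[18] = (uint8_t)sub_off;         b[19] = (uint8_t)(sub_off >> 8);
    b[20] = (uint8_t)(sub_off >> 16); b[21] = (uint8_t)(sub_off >> 24);
    struct walk w = { b, sizeof b, {0}, 0 };
    return walk_ifd(&w, rd32(b + 4), 0);
}

int main(void) {
    printf("valid=%d loop=%d oob=%d\n", check_sample(26), check_sample(8), check_sample(1000));
    return 0;
}
```

A sub-IFD offset that points back at IFD0 (offset 8 in the sample) is rejected on the second visit instead of recursing; the next-IFD chain is not followed here and would need the same visited check.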

