Hi,

I found lots of issues in the metacam package in Debian while fuzzing with AFL
<http://lcamtuf.coredump.cx/afl/>.

Popularity of this package is pretty low currently:
https://qa.debian.org/popcon.php?package=metacam

Do you want me to report these issues to the Debian bug tracking system? I was
unable to find an upstream issue tracker for this package, and our Git URL seems
to be broken according to http://duck.debian.net/static/sp/m/metacam.html

Some of these issues probably have a security impact on systems executing
malicious files with the CLI program. Please note that the CLI program might be
a dependency in a web application etc.

Do we really want to have several packages in Debian, which list and/or edit
EXIF data for JPEG files?

I have attached one of the sample files to this email.

5d4c287cf40b73d2a5aac8b4a7367564ce823937  afl-metacam-sample-001.jpg

Starting program: metacam afl-metacam-sample-001.jpg
File: afl-metacam-sample-001.jpg
WARNING: Unknown field type 0
WARNING: Unknown field type 0
  Standard Fields -----------------------------------

Program received signal SIGSEGV, Segmentation fault.
tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
40          if ((num == 0) || (den == 0)) return *this;

(gdb) bt
#0  tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
#1  0x0000000000421bf7 in dpyResolution (ctx=..., name=0x4584f7 "X Resolution", 
e=...) at dpyfuncs.cc:194
#2  0x000000000040ebe3 in displayTags (driver=driver@entry=0x661010, 
header=header@entry=0x4581e5 "Standard Fields", tag_map=..., known=<optimized 
out>,
    verbose=0) at metacam.cc:86
#3  0x00000000004060bc in processFile (is=..., fname=<optimized out>, 
driver=0x661010) at metacam.cc:255
#4  main (argc=<optimized out>, argv=<optimized out>) at metacam.cc:359
#5  0x00007ffff72d1ead in __libc_start_main (main=<optimized out>, 
argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>,
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe4e8) 
at libc-start.c:244
#6  0x000000000040c271 in _start ()

(gdb) list
35      
36          
37      tiffRATIONAL 
38      tiffRATIONAL::normalize() const
39      {
40          if ((num == 0) || (den == 0)) return *this;
41          unsigned long d = Euclid(num, den);
42          return tiffRATIONAL(num/d, den/d);
43      }
44

-- 
Henri Salo

_______________________________________________
forensics-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
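
Added example, not part of the original message and not metacam or AFL code: with many AFL crash files to report, one way to group them is to parse each gdb backtrace like the one above, rejoin the mail-wrapped frame lines, and build a bucket key from the top frames. The names parse_frames, bucket and FRAME and the "null-this" label are hypothetical.

```python
import re

# Backtrace copied from the gdb session in the message, mail wrapping left in place.
SAMPLE_BT = """\
#0  tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
#1  0x0000000000421bf7 in dpyResolution (ctx=..., name=0x4584f7 "X Resolution",
e=...) at dpyfuncs.cc:194
#2  0x000000000040ebe3 in displayTags (driver=driver@entry=0x661010,
header=header@entry=0x4581e5 "Standard Fields", tag_map=..., known=<optimized
out>,
    verbose=0) at metacam.cc:86
#3  0x00000000004060bc in processFile (is=..., fname=<optimized out>,
driver=0x661010) at metacam.cc:255
#4  main (argc=<optimized out>, argv=<optimized out>) at metacam.cc:359
#5  0x00007ffff72d1ead in __libc_start_main (main=<optimized out>,
argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>,
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe4e8)
at libc-start.c:244
#6  0x000000000040c271 in _start ()
"""

FRAME = re.compile(
    r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?([\w:~<>]+) \((.*)\)(?: at (\S+):(\d+))?$")

def parse_frames(bt):
    """Rejoin wrapped lines, then split each frame into its fields."""
    joined = []
    for line in bt.splitlines():
        if line.startswith("#"):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += " " + line.strip()  # continuation of the previous frame
    frames = []
    for text in joined:
        m = FRAME.match(text)
        if m:
            num, func, args, src, lineno = m.groups()
            frames.append({"n": int(num), "func": func, "args": args, "file": src,
                           "line": int(lineno) if lineno else None})
    return frames

def bucket(bt, depth=3):
    """Return (crash kind, dedup key built from the top `depth` frames)."""
    frames = parse_frames(bt)
    if not frames:
        return "unparsed", ""
    kind = "null-this" if re.search(r"\bthis=0x0\b", frames[0]["args"]) else "other"
    key = "|".join(f"{f['func']}@{f['file']}:{f['line']}" for f in frames[:depth])
    return kind, key
```

Crashes that share a key can go into one bug report; a "null-this" kind means frame #0 was entered with a null object pointer, as in the normalize() frame above.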