This bug was fixed in the package tracker - 0.16.5-0ubuntu0.2

tracker (0.16.5-0ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow when skipping over
    decoded image data of extremely large or specially
    prepared GIF resulting in a program crash (LP: #1178402)
   - debian/patches/fix-gif-possible-integer-overflow.patch:
     Avoid integer overflow by reading/skipping over image data
     line by line in read_metadata in

 -- Nikita Yerenkov-Scott <>  Sun, 09 Oct 2016
16:06:45 +0100

** Changed in: tracker (Ubuntu Trusty)
       Status: In Progress => Fix Released

You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs

  tracker-extract crashed with signal 5 in g_malloc()

Status in Tracker:
  Fix Released
Status in Ubuntu GNOME:
  In Progress
Status in tracker package in Ubuntu:
  Fix Released
Status in tracker source package in Trusty:
  Fix Released
Status in tracker source package in Xenial:
  Fix Released

Bug description:
  * Impact
  An integer overflow occurs when tracker-extract comes across an extremely 
large GIF image or one which is specifically crafted.

  * Test case
  If for instance this file 
is saved on a computer tracker-extract will crash when it gets to it unless the 
patches are applied.

  * Regression potential
  I have not tested these patches but the fix is in the Yakkety version and I 
do not experience the crash there and no regressions.


  Original report:

  Lock Interface and PC

  ProblemType: Crash
  DistroRelease: Ubuntu 13.04
  Package: tracker-extract 0.16.0-2ubuntu1~ubuntu13.04.1 [origin: 
  ProcVersionSignature: Ubuntu 3.8.0-19.30-generic 3.8.8
  Uname: Linux 3.8.0-19-generic i686
  ApportVersion: 2.9.2-0ubuntu8
  Architecture: i386
  Date: Thu May  9 16:45:04 2013
  ExecutablePath: /usr/lib/tracker/tracker-extract
  InstallationDate: Installed on 2013-04-29 (9 days ago)
  InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release i386 (20130424)
  MarkForUpload: True
  ProcCmdline: /usr/lib/tracker/tracker-extract
   PATH=(custom, no user)
  Signal: 5
  SourcePackage: tracker
   g_malloc () from /lib/i386-linux-gnu/
   tracker_extract_get_metadata () from 
   ?? ()
   ?? ()
   ?? ()
  Title: tracker-extract crashed with signal 5 in g_malloc()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to