oss-sec mailing list archives
[notification] exactimage DoS, jumping into the unknown
From: Raphael Geissert <geissert () debian org>
Date: Thu, 5 Sep 2013 10:38:14 +0200
Hi, While testing the update of exactimage for the fixes in its embedded copy of dcraw (CVE-2013-1438) I noticed that it did not initialize (setjmp) the jump pointer used by dcraw for error handling. In addition to the new checks introduced to fix the above-mentioned issue, there were already some cases where longjmp was called, causing the execution to jump to a location defined by an uninitialized variable. This new issue has been assigned CVE-2013-1441. Note that this is specific to exactimage and is not a bug, per-se, in dcraw. According to the Debian maintainer this bug has probably been present since ExactImage 0.0.12 This has been fixed in Debian with the patch added in the following commit: http://anonscm.debian.org/gitweb/?p=collab-maint/exactimage.git;a=commitdiff;h=1dff2eb586a3d10d8528a984bc471292e3789f5c;hp=acfe54193b18b46e880f4b474d2e40b4fdb44a8d Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- [notification] exactimage DoS, jumping into the unknown Raphael Geissert (Sep 05)