[notification] exactimage DoS, jumping into the unknown

[Raphael Geissert <geissert () debian org>]

Hi,

While testing the update of exactimage for the fixes in its embedded
copy of dcraw (CVE-2013-1438) I noticed that it did not initialize
(setjmp) the jump pointer used by dcraw for error handling.
In addition to the new checks introduced to fix the above-mentioned
issue, there were already some cases where longjmp was called, causing
the execution to jump to a location defined by an uninitialized
variable.

This new issue has been assigned CVE-2013-1441.

Note that this is specific to exactimage and is not a bug, per-se, in dcraw.

According to the Debian maintainer this bug has probably been present
since ExactImage 0.0.12

This has been fixed in Debian with the patch added in the following commit:
http://anonscm.debian.org/gitweb/?p=collab-maint/exactimage.git;a=commitdiff;h=1dff2eb586a3d10d8528a984bc471292e3789f5c;hp=acfe54193b18b46e880f4b474d2e40b4fdb44a8d

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net