eog crashed with SIGSEGV in TIFFVGetField()
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tiff (Ubuntu) | Fix Released | Medium | Unassigned |
Lucid | Fix Released | Medium | Unassigned |
Maverick | Fix Released | Medium | Unassigned |
Bug Description
Binary package hint: libtiff4
Any application using libtiff will segfault because of a null dereference when opening the attached TIFF file. I seem to be missing some debug symbols for libtiff4 (I couldn't find an installation package for them), but here's the not-too-helpful valgrind output I got:
==5908== Process terminating with default action of signal 11 (SIGSEGV)
==5908== Access not within mapped region at address 0x0
==5908== at 0x7CB1ED0: ??? (in /usr/lib/
==5908== by 0x7CB2F4E: ??? (in /usr/lib/
==5908== by 0x7CB3F38: ??? (in /usr/lib/
==5908== by 0x7CB41A5: ??? (in /usr/lib/
==5908== by 0x7C92E79: TIFFVGetField (in /usr/lib/
==5908== by 0x7C9391A: TIFFGetField (in /usr/lib/
==5908== by 0x7CBFD8B: TIFFScanlineSize (in /usr/lib/
==5908== by 0x7C98581: TIFFReadDirectory (in /usr/lib/
==5908== by 0x7CB62CB: TIFFClientOpen (in /usr/lib/
==5908== by 0x647F205: gdk_pixbuf_
==5908== by 0x477E7A0: gdk_pixbuf_
==5908== by 0x807C6F1: eog_image_load (eog-image.c:1056)
I am initially marking this as a security vulnerability since the file makes all the nautilus etc. crash too, which is a bit annoying, even though it does not seem to allow code execution. Remove the security vuln tag if this is not considered a security issue.
ProblemType: Crash
DistroRelease: Ubuntu 10.04
Package: eog 2.30.0-0ubuntu1
ProcVersionSign
Uname: Linux 2.6.32-22-generic i686
Architecture: i386
Date: Thu Jun 3 15:17:33 2010
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/eog
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Alpha i386 (20100113)
ProcCmdline: eog fubwt-491.tif
ProcEnviron:
SHELL=/bin/bash
LANG=en_US.utf8
SegvAnalysis:
Segfault happened at: 0x5214ed0: mov (%ecx,%eax,4),%ecx
PC (0x05214ed0) ok
source "(%ecx,%eax,4)" (0x00000000) not located in a known VMA region (needed readable region)!
destination "%ecx" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: eog
StacktraceTop:
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
TIFFVGetField () from /usr/lib/
Title: eog crashed with SIGSEGV in TIFFVGetField()
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
XsessionErrors:
(polkit-
(gnome-
CVE References
Changed in tiff (Ubuntu):
status: New → Confirmed
visibility: private → public
Changed in tiff (Ubuntu Lucid):
status: New → Fix Committed
Changed in tiff (Ubuntu Maverick):
status: Confirmed → Fix Released
Changed in tiff (Ubuntu Lucid):
importance: Undecided → Medium
StacktraceTop:
OJPEGReadBufferFill (sp=0xa8ae200) at tif_ojpeg.c:1912
OJPEGReadHeaderInfoSec (tif=<value optimized out>)
OJPEGSubsamplingCorrect (tif=0xbdbe100) at tif_ojpeg.c:959
OJPEGVGetField (tif=0x0, tag=0,
TIFFVGetField (tif=0xbdbe100, tag=530,