Package: libexiv2-14 Version: 0.25-4 Severity: important Tags: buster Affects: gwenview
The attached (extracted) exif data dump can be used to crash (lib)exiv2 under
debian buster. This is causing crashes of gwenview or similar graphical image
viewers. But it can reproduced easier with the exiv command tool:
$ valgrind exiv2 -pt dfa12848-c367-463f-8308-1508466631e1.exv
==18807== Memcheck, a memory error detector
==18807== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==18807== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==18807== Command: exiv2 -pt dfa12848-c367-463f-8308-1508466631e1.exv
==18807==
Exif.Image.ImageDescription Ascii 1
Exif.Image.Make Ascii 1
Exif.Image.Model Ascii 1
Exif.Image.Software Ascii 1
Exif.Image.DateTime Ascii 1
Exif.Image.Artist Ascii 1
Exif.Image.ExifTag Long 1 134
Exif.Photo.ExifVersion Undefined 1 (0)
Exif.Photo.DateTimeOriginal Ascii 1
Exif.Photo.DateTimeDigitized Ascii 1
Exif.Photo.ComponentsConfiguration Undefined 1
Exif.Photo.UserComment Undefined 1
Exif.Photo.SubSecTime Ascii 1
Exif.Photo.SubSecTimeOriginal Ascii 1
Exif.Photo.SubSecTimeDigitized Ascii 1
Exif.Photo.FlashpixVersion Undefined 1 (0)
Exif.Photo.SceneType Undefined 1 (0)
Exif.Photo.ImageUniqueID Ascii 1
Exif.Image.GPSTag Long 1 272
Exif.GPSInfo.GPSVersionID Byte 1 0
Exif.GPSInfo.GPSLatitudeRef Ascii 1 ()
Exif.GPSInfo.GPSLongitudeRef Ascii 1 ()
Exif.GPSInfo.GPSAltitudeRef Byte 1 Above sea level
Exif.GPSInfo.GPSProcessingMethod Undefined 1 0
Exif.GPSInfo.GPSDateStamp Ascii 1
==18807== Invalid read of size 1
==18807== at 0x49C95BB: Exiv2::Internal::printUcs2(std::ostream&,
Exiv2::Value const&, Exiv2::ExifData const*) (tags.cpp:2324)
==18807== by 0x498B26B:
Exiv2::Metadatum::print[abi:cxx11](Exiv2::ExifData const*) const
(metadatum.cpp:80)
==18807== by 0x11DB7B: Action::Print::printMetadatum(Exiv2::Metadatum
const&, Exiv2::Image const*) (actions.cpp:711)
==18807== by 0x11E00E: Action::Print::printMetadata(Exiv2::Image const*)
(actions.cpp:536)
==18807== by 0x11E2D7: Action::Print::printList() (actions.cpp:526)
==18807== by 0x122CFF:
Action::Print::run(std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&) (actions.cpp:241)
==18807== by 0x10EA4C: main (exiv2.cpp:171)
==18807== Address 0x54a5f7f is 1 bytes before a block of size 1 alloc'd
==18807== at 0x483650F: operator new[](unsigned long)
(vg_replace_malloc.c:423)
==18807== by 0x49C95A1: DataBuf (types.hpp:194)
==18807== by 0x49C95A1: Exiv2::Internal::printUcs2(std::ostream&,
Exiv2::Value const&, Exiv2::ExifData const*) (tags.cpp:2321)
==18807== by 0x498B26B:
Exiv2::Metadatum::print[abi:cxx11](Exiv2::ExifData const*) const
(metadatum.cpp:80)
==18807== by 0x11DB7B: Action::Print::printMetadatum(Exiv2::Metadatum
const&, Exiv2::Image const*) (actions.cpp:711)
==18807== by 0x11E00E: Action::Print::printMetadata(Exiv2::Image const*)
(actions.cpp:536)
==18807== by 0x11E2D7: Action::Print::printList() (actions.cpp:526)
==18807== by 0x122CFF:
Action::Print::run(std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&) (actions.cpp:241)
==18807== by 0x10EA4C: main (exiv2.cpp:171)
==18807==
Exif.Image.XPTitle Byte 1 Uncaught
exception: basic_string::_M_create
==18807==
==18807== HEAP SUMMARY:
==18807== in use at exit: 1,452 bytes in 23 blocks
==18807== total heap usage: 662 allocs, 639 frees, 130,284 bytes allocated
==18807==
==18807== LEAK SUMMARY:
==18807== definitely lost: 0 bytes in 0 blocks
==18807== indirectly lost: 0 bytes in 0 blocks
==18807== possibly lost: 0 bytes in 0 blocks
==18807== still reachable: 1,452 bytes in 23 blocks
==18807== suppressed: 0 bytes in 0 blocks
==18807== Rerun with --leak-check=full to see details of leaked memory
==18807==
==18807== For counts of detected and suppressed errors, rerun with: -v
==18807== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Or when started without valgrind
exiv2 -pt dfa12848-c367-463f-8308-1508466631e1.exv
Exif.Image.ImageDescription Ascii 1
Exif.Image.Make Ascii 1
Exif.Image.Model Ascii 1
Exif.Image.Software Ascii 1
Exif.Image.DateTime Ascii 1
Exif.Image.Artist Ascii 1
Exif.Image.ExifTag Long 1 134
Exif.Photo.ExifVersion Undefined 1 (0)
Exif.Photo.DateTimeOriginal Ascii 1
Exif.Photo.DateTimeDigitized Ascii 1
Exif.Photo.ComponentsConfiguration Undefined 1
Exif.Photo.UserComment Undefined 1
Exif.Photo.SubSecTime Ascii 1
Exif.Photo.SubSecTimeOriginal Ascii 1
Exif.Photo.SubSecTimeDigitized Ascii 1
Exif.Photo.FlashpixVersion Undefined 1 (0)
Exif.Photo.SceneType Undefined 1 (0)
Exif.Photo.ImageUniqueID Ascii 1
Exif.Image.GPSTag Long 1 272
Exif.GPSInfo.GPSVersionID Byte 1 0
Exif.GPSInfo.GPSLatitudeRef Ascii 1 ()
Exif.GPSInfo.GPSLongitudeRef Ascii 1 ()
Exif.GPSInfo.GPSAltitudeRef Byte 1 Above sea level
Exif.GPSInfo.GPSProcessingMethod Undefined 1 0
Exif.GPSInfo.GPSDateStamp Ascii 1
Exif.Image.XPTitle Byte 1 Uncaught
exception: basic_string::_M_create
dfa12848-c367-463f-8308-1508466631e1.exv
Description: Binary data
