You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fuzzing has found an out of memory issues in OSS-Fuzz with JVM Fuzzer Jazzer in metadata-extractor. We have reviewed the finding and regarded it as security-related due to the potential of a denial of service.
The crashing input caused an out of memory issue to line 374 of the SequentialReader.java.
We would appreciate it if you could take a look at the finding. Do you see a risk that this might be exploited by untrusted input?
Part of the stack trace:
== Java Exception: com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow: Out of memory (use '-Xmx1710m' to reproduce)
Caused by: java.lang.OutOfMemoryError: Java heap space
at com.drew.lang.SequentialReader.getNullTerminatedBytes(SequentialReader.java:374)
at com.drew.lang.SequentialReader.getNullTerminatedStringValue(SequentialReader.java:358)
at com.drew.lang.SequentialReader.getNullTerminatedString(SequentialReader.java:342)
at com.drew.metadata.bmp.BmpReader.readBitmapHeader(BmpReader.java:375)
at com.drew.metadata.bmp.BmpReader.readFileHeader(BmpReader.java:156)
at com.drew.metadata.bmp.BmpReader.extract(BmpReader.java:88)
at com.drew.imaging.bmp.BmpMetadataReader.readMetadata(BmpMetadataReader.java:57)
at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:159)
at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:124)
at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:103)
at ImageMetadataReaderFuzzer.fuzzerTestOneInput(ImageMetadataReaderFuzzer.java:31)
at java.base/java.lang.invoke.LambdaForm$DMH/0x0000000800b95c40.invokeStaticInit(LambdaForm$DMH)
at java.base/java.lang.invoke.LambdaForm$MH/0x0000000800bd4040.invoke(LambdaForm$MH)
at java.base/java.lang.invoke.LambdaForm$MH/0x0000000800bd4840.invoke_MT(LambdaForm$MH)
...
Dear metadata-extractor maintainers,
Fuzzing has found an out of memory issues in OSS-Fuzz with JVM Fuzzer Jazzer in metadata-extractor. We have reviewed the finding and regarded it as security-related due to the potential of a denial of service.
The crashing input caused an out of memory issue to line 374 of the SequentialReader.java.
We would appreciate it if you could take a look at the finding. Do you see a risk that this might be exploited by untrusted input?
Part of the stack trace:
== Java Exception: com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow: Out of memory (use '-Xmx1710m' to reproduce)
Caused by: java.lang.OutOfMemoryError: Java heap space
at com.drew.lang.SequentialReader.getNullTerminatedBytes(SequentialReader.java:374)
at com.drew.lang.SequentialReader.getNullTerminatedStringValue(SequentialReader.java:358)
at com.drew.lang.SequentialReader.getNullTerminatedString(SequentialReader.java:342)
at com.drew.metadata.bmp.BmpReader.readBitmapHeader(BmpReader.java:375)
at com.drew.metadata.bmp.BmpReader.readFileHeader(BmpReader.java:156)
at com.drew.metadata.bmp.BmpReader.extract(BmpReader.java:88)
at com.drew.imaging.bmp.BmpMetadataReader.readMetadata(BmpMetadataReader.java:57)
at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:159)
at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:124)
at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:103)
at ImageMetadataReaderFuzzer.fuzzerTestOneInput(ImageMetadataReaderFuzzer.java:31)
at java.base/java.lang.invoke.LambdaForm$DMH/0x0000000800b95c40.invokeStaticInit(LambdaForm$DMH)
at java.base/java.lang.invoke.LambdaForm$MH/0x0000000800bd4040.invoke(LambdaForm$MH)
at java.base/java.lang.invoke.LambdaForm$MH/0x0000000800bd4840.invoke_MT(LambdaForm$MH)
...
We have added a reproducer zip which contains a README that describes how to reproduce the issue.
Reproducer zip: https://drive.google.com/file/d/1V_7Imq6t2RjLyDocozVIO4owj3aD46gM/view?usp=sharing
Fuzz target: https://github.com/google/oss-fuzz/blob/master/projects/metadata-extractor/ImageMetadataReaderFuzzer.java
OSS-Fuzz issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59098
Hint: The provided OSS-Fuzz Issue link is only accessible if the issue is fixed or you are the maintainer of the OSS-Fuzz project.
The text was updated successfully, but these errors were encountered: