Hu-Hongyan commented on PR #14623: URL: https://github.com/apache/incubator-mxnet/pull/14623#issuecomment-1107866483
I triggered the vulnerability from the C library Libtiff 4.0.9, when I use an older version of incubator-mxnet, causing out-of-bounds write in the buffer. A call chain that accesses to the vulnerable function JBIGDecode() is as follows: ``` (python code)mxnet/image.py: def imread(filename, *args, **kwargs) (libmxnet.so)imgcodecs/src/loadsave.cpp: Mat imread( const String& filename, int flags ); (libopencv.so)imgcodes/src/grfmt_tiff.cpp: bool  TiffDecoder::readData( Mat& img ); (libopencv.so)imgcodes/src/grfmt_tiff.cpp: bool TiffDecoder::readData_32FC1(Mat& img); (libtiff.so)libtiff/tif_read.c: intTIFFReadScanline(TIFF* tif, void* buf, uint32 row, uint16 sample); (libtiff.so)libtiff/tif_read.c: static int TIFFSeek(TIFF* tif, uint32 row, uint16 sample ); ``` I have upgraded to incubator-mxnet's newest version to avoid the issues. Give the info in this report for sharing. It seems that our python projects should keep an eye on the CVEs of C libraries. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
