[ https://issues.apache.org/jira/browse/IMAGING-348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Henry Lin updated IMAGING-348:
------------------------------
Description:
Dear Apache Commons Imaging team,
Fuzzing has found an out-of-memory error in OSS-Fuzz with the JVM fuzzer Jazzer in Apache Commons Imaging. We have reviewed the findings and consider it security-related due to the potential of a denial of service.
Part of the stack trace:
== Java Exception: com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow: Out of memory (use '-Xmx1710m' to reproduce)
Caused by: java.lang.OutOfMemoryError: Java heap space
    at org.apache.commons.imaging.common.ImageBuilder.<init>(ImageBuilder.java:77)
    at org.apache.commons.imaging.formats.bmp.BmpImageParser.getBufferedImage(BmpImageParser.java:645)
    at org.apache.commons.imaging.formats.bmp.BmpImageParser.getBufferedImage(BmpImageParser.java:622)
    at org.apache.commons.imaging.formats.bmp.BmpImageParser.getBufferedImage(BmpImageParser.java:52)
    at org.apache.commons.imaging.ImageParser.getBufferedImage(ImageParser.java:529)
    at ImagingBmpFuzzer.fuzzerTestOneInput(ImagingBmpFuzzer.java:24)
    at java.base/java.lang.invoke.LambdaForm$DMH/0x0000000800b95c40.invokeStaticInit(LambdaForm$DMH)
    at java.base/java.lang.invoke.LambdaForm$MH/0x0000000800bd4040.invoke(LambdaForm$MH)
    at java.base/java.lang.invoke.LambdaForm$MH/0x0000000800bd4840.invoke_MT(LambdaForm$MH)
    …
We have added a reproducer.zip which contains a README that describes how to reproduce the issue.
We would appreciate it if you could take a look at the findings. Do you see a risk that this might be exploited by untrusted input?
OSS-Fuzz Issue: [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53641]
Hint: The provided OSS-Fuzz Issue links are only accessible if the issue gets
fixed or you are the maintainer of the OSS-Fuzz project.
Fuzz targets:
[https://github.com/google/oss-fuzz/blob/master/projects/apache-commons-imaging/ImagingBmpFuzzer.java]
> Out of Memory (53641) found by OSS-Fuzz
> ---------------------------------------
>
> Key: IMAGING-348
> URL: https://issues.apache.org/jira/browse/IMAGING-348
> Project: Commons Imaging
> Issue Type: Bug
> Reporter: Henry Lin
> Priority: Major
> Attachments: 53641-apache-commons-imaging-ImagingBmpFuzzer.zip
>
>
--
This message was sent by Atlassian Jira (v8.20.10#820010)