Henry Lin created IMAGING-350:
---------------------------------

             Summary: Out of Memory (53644) found by OSS-Fuzz
                 Key: IMAGING-350
                 URL: https://issues.apache.org/jira/browse/IMAGING-350
             Project: Commons Imaging
          Issue Type: Bug
            Reporter: Henry Lin
         Attachments: 53644-apache-commons-imaging-ImagingGifFuzzer.zip

Dear Apache Commons Imaging team,

Fuzzing has found an out of memory error in OSS-Fuzz with the JVM fuzzer Jazzer in 
Apache Commons Imaging. We have reviewed the findings and consider it 
security-related due to the potential of a denial of service.

Part of the stack trace:

== Java Exception: com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow: Out of memory (use '-Xmx1710m' to reproduce)
Caused by: java.lang.OutOfMemoryError: Java heap space
    at java.base/java.io.ByteArrayOutputStream.<init>(ByteArrayOutputStream.java:81)
    at org.apache.commons.imaging.common.mylzw.MyLzwDecompressor.decompress(MyLzwDecompressor.java:149)
    at org.apache.commons.imaging.formats.gif.GifImageParser.readImageDescriptor(GifImageParser.java:394)
    at org.apache.commons.imaging.formats.gif.GifImageParser.readBlocks(GifImageParser.java:263)
    at org.apache.commons.imaging.formats.gif.GifImageParser.readFile(GifImageParser.java:472)
    at org.apache.commons.imaging.formats.gif.GifImageParser.readFile(GifImageParser.java:456)
    at org.apache.commons.imaging.formats.gif.GifImageParser.getBufferedImage(GifImageParser.java:825)
    at org.apache.commons.imaging.formats.gif.GifImageParser.getBufferedImage(GifImageParser.java:58)
    at org.apache.commons.imaging.ImageParser.getBufferedImage(ImageParser.java:529)
    at ImagingGifFuzzer.fuzzerTestOneInput(ImagingGifFuzzer.java:24)
    at java.base/java.lang.invoke.LambdaForm$DMH/0x0000000800b95c40.invokeStaticInit(LambdaForm$DMH)
    at java.base/java.lang.invoke.LambdaForm$MH/0x0000000800bd4040.invoke(LambdaForm$MH)
    at java.base/java.lang.invoke.LambdaForm$MH/0x0000000800bd4840.invoke_MT(LambdaForm$MH)
    …

We have added a reproducer.zip which contains a README that describes how to 
reproduce the issue.

We would appreciate it if you could take a look at the findings. Do you see a 
risk that this might be exploited by untrusted input?

OSS-Fuzz Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53644

Hint: The provided OSS-Fuzz Issue links are only accessible if the issue gets 
fixed or you are the maintainer of the OSS-Fuzz project.

Fuzz targets: https://github.com/google/oss-fuzz/blob/master/projects/apache-commons-imaging/ImagingGifFuzzer.java
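A defensive pre-check that a caller could run before handing untrusted GIF data to any decoder, added here as an example (it is neither Commons Imaging code nor the reporter's reproducer): it walks the GIF container and rejects any frame whose declared width x height exceeds a fixed pixel budget. It assumes the allocation that exhausts the heap grows with the declared frame size; the stack trace above points at the LZW decompressor's output buffer, but the report does not state what sizes that buffer, so the budget value and the assumption are both constructed for this example.

```java
import java.nio.charset.StandardCharsets;

public final class GifSizeGuard {
    /** Pixel budget for this example (a constructed value, not a Commons Imaging setting). */
    static final long MAX_PIXELS = 16L * 1024 * 1024;
    private static int u16le(byte[] d, int off) { return (d[off] & 0xFF) | ((d[off + 1] & 0xFF) << 8); }

    /** Skips GIF data sub-blocks starting at off; returns the offset just past the 0 terminator. */
    private static int skipSubBlocks(byte[] d, int off) {
        while (true) {
            int len = d[off++] & 0xFF;
            if (len == 0) return off;
            off += len;
        }
    }

    /** Walks the container and returns the largest pixel count any frame declares, or throws. */
    static long maxDeclaredFramePixels(byte[] gif) {
        try {
            String sig = new String(gif, 0, 6, StandardCharsets.US_ASCII);
            if (!sig.equals("GIF87a") && !sig.equals("GIF89a")) throw new IllegalArgumentException("not a GIF");
            int packed = gif[10] & 0xFF;
            int off = 13;                                             // past the logical screen descriptor
            if ((packed & 0x80) != 0) off += 3 << ((packed & 7) + 1); // skip the global colour table
            long worst = 0;
            while (true) {
                int tag = gif[off++] & 0xFF;
                if (tag == 0x3B) return worst;                                    // trailer
                if (tag == 0x21) { off = skipSubBlocks(gif, off + 1); continue; } // extension: label + sub-blocks
                if (tag != 0x2C) throw new IllegalArgumentException("unexpected block 0x" + Integer.toHexString(tag));
                long pixels = (long) u16le(gif, off + 4) * u16le(gif, off + 6);  // frame width * height
                if (pixels > MAX_PIXELS) throw new IllegalArgumentException("frame declares " + pixels + " pixels");
                worst = Math.max(worst, pixels);
                int lpacked = gif[off + 8] & 0xFF;
                off += 9;
                if ((lpacked & 0x80) != 0) off += 3 << ((lpacked & 7) + 1);       // skip the local colour table
                off = skipSubBlocks(gif, off + 1);                                // LZW min code size, then image data
            }
        } catch (IndexOutOfBoundsException e) {
            throw new IllegalArgumentException("truncated GIF", e);
        }
    }

    public static void main(String[] args) {
        // Constructed 1x1 GIF89a: 2-entry global colour table, one image block (codes: clear, 0, EOI), trailer.
        byte[] tiny = { 'G', 'I', 'F', '8', '9', 'a', 1, 0, 1, 0, (byte) 0x80, 0, 0,
                        0, 0, 0, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
                        0x2C, 0, 0, 0, 0, 1, 0, 1, 0, 0, 2, 2, 0x44, 0x01, 0, 0x3B };
        System.out.println("largest declared frame: " + maxDeclaredFramePixels(tiny) + " pixel(s)");
    }
}
```

The check only bounds what the file declares; it does not replace a limit inside the decoder itself, and a frame within budget can still carry a malformed LZW stream.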

--
This message was sent by Atlassian Jira
(v8.20.10#820010)