DoS: Crash when loading crafted images #233
This was referenced Sep 15, 2022
I set up some simple fuzzing for sn0int in my fork, targeting image loading, and found a few issues you may find security relevant.
crashes.tar.gz
crash-16* and oom-47* cause allocation failure which immediately terminates the process, while crash-32* is an integer overflow. These issues should be fixed by the latest image crate version, so hopefully a dependency upgrade is simple.
oom-96* seems to be the same root cause as image-rs/image#1748 with mitigations added in this merge: image-rs/image-png#353, but I think sn0int will need to use the Limits API for that to take effect.
Stacktrace: oom-47988b9562c06a826c5503b6f65bc27a93f9cc62
Stacktrace: crash-16e09653a6ced483db6215e4a922a061b580846d
Stacktrace: crash-32aed9132fadd27014d0d5f43ae9376f9b3f9cd7
Stacktrace: oom-9642df99e8a487afa7c072fc46aca9a64ed13707
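The kind of pre-allocation limit check the report refers to, as an added example (not code from sn0int, the image crate, or the reporter): it reads only the PNG IHDR chunk and rejects a header whose decoded size overflows or exceeds a byte budget, so neither failure mode reaches the allocator. The names `check_png_budget`, `Reject` and `sample_header` and the 64 MiB budget are assumptions, and the sample headers are constructed.

```rust
/// Why a header was rejected before any pixel buffer was allocated.
#[derive(Debug, PartialEq)]
pub enum Reject { NotPng, Truncated, BadHeader, Overflow, TooLarge(u64) }

const PNG_SIG: [u8; 8] = [0x89, b'P', b'N', b'G', 0x0D, 0x0A, 0x1A, 0x0A];

/// Returns the decoded size in bytes if the declared image fits under `max_bytes`.
pub fn check_png_budget(data: &[u8], max_bytes: u64) -> Result<u64, Reject> {
    if data.len() < 8 || data[..8] != PNG_SIG { return Err(Reject::NotPng); }
    // After the signature: chunk length (4), chunk type (4), 13 bytes of IHDR data.
    let hdr = data.get(8..29).ok_or(Reject::Truncated)?;
    if hdr[..4] != [0, 0, 0, 13] || hdr[4..8] != *b"IHDR" { return Err(Reject::BadHeader); }
    let width = u32::from_be_bytes([hdr[8], hdr[9], hdr[10], hdr[11]]) as u64;
    let height = u32::from_be_bytes([hdr[12], hdr[13], hdr[14], hdr[15]]) as u64;
    let bit_depth = hdr[16] as u64;
    let channels: u64 = match hdr[17] {
        0 | 3 => 1, // greyscale or palette index
        4 => 2,     // greyscale + alpha
        2 => 3,     // RGB
        6 => 4,     // RGBA
        _ => return Err(Reject::BadHeader),
    };
    // Simplified validation: depth/colour-type pairing and the CRC are not checked.
    if width == 0 || height == 0 || ![1, 2, 4, 8, 16].contains(&bit_depth) {
        return Err(Reject::BadHeader);
    }
    // Checked arithmetic: attacker-chosen dimensions must not wrap silently.
    let row_bits = width.checked_mul(channels * bit_depth).ok_or(Reject::Overflow)?;
    let row_bytes = row_bits.checked_add(7).ok_or(Reject::Overflow)? / 8;
    let total = row_bytes.checked_mul(height).ok_or(Reject::Overflow)?;
    if total > max_bytes { return Err(Reject::TooLarge(total)); }
    Ok(total)
}

/// Constructed sample: PNG signature plus one IHDR chunk with a zeroed CRC.
pub fn sample_header(width: u32, height: u32, bit_depth: u8, color_type: u8) -> Vec<u8> {
    let mut v = PNG_SIG.to_vec();
    v.extend_from_slice(&[0, 0, 0, 13]);
    v.extend_from_slice(b"IHDR");
    v.extend_from_slice(&width.to_be_bytes());
    v.extend_from_slice(&height.to_be_bytes());
    v.extend_from_slice(&[bit_depth, color_type, 0, 0, 0, 0, 0, 0, 0]);
    v
}

fn main() {
    let budget = 64 * 1024 * 1024; // assumed 64 MiB cap
    println!("{:?}", check_png_budget(&sample_header(4, 4, 8, 6), budget));
    println!("{:?}", check_png_budget(&sample_header(65535, 65535, 8, 6), budget));
}
```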