Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Some Vulnerabilities Found #298

Open
Yao-mengyu opened this issue May 27, 2024 · 0 comments
Open

Some Vulnerabilities Found #298

Yao-mengyu opened this issue May 27, 2024 · 0 comments

Comments

@Yao-mengyu
Copy link

Hello, I fuzzed the ossim-info tool and found that the tool will crash (e.g. SIGSEGV) with some malformed tiff inputs.

For example, when there's a tag in TIFF image with a undefined data type, the tool will not initialize the array in ossimTiffInfo::print, but will actually try to read something in this array in the function ossimTiffInfo::getArrayValue. This will lead to SIGSEGV.

And also, there are some other problems, such as Use after free and Oversized allocation. If you would like example malformed TIFF images that cause crashes or need further analysis, please reach out to me for more information.

These vulnerabilities may not be a program when we just use the simple command-line tool, but in a system using these functions, I think they may compromise system integrity and availability. Considering the wide use of OSSIM in the geospatial image processing field, it is important strengthen the security of it. Would you like to fix some similar bugs or open a bug reporting platform for reporting vulnerabilities in OSSIM?

Thank you! :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant