Henry Lin created IMAGING-349: --------------------------------- Summary: Out of Memory (53708) found by OSS-Fuzz Key: IMAGING-349 URL: https://issues.apache.org/jira/browse/IMAGING-349 Project: Commons Imaging Issue Type: Bug Reporter: Henry Lin Attachments: 53708-apache-commons-imaging-ImagingJpegFuzzer.zip
Dear Apache Commons Imaging team, Fuzzing has found an out of memories in OSS-Fuzz with JVM Fuzzer Jazzer in Apache Commons Imaging. We have reviewed the findings and consider it security-related due to the potential of a denial of service. Part of the stack trace: == Java Exception: com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow: Out of memory (use '-Xmx1710m' to reproduce) Caused by: java.lang.OutOfMemoryError: Java heap space at java.desktop/java.awt.image.DataBufferInt.<init>(DataBufferInt.java:75) at java.desktop/java.awt.image.Raster.createPackedRaster(Raster.java:467) at org.apache.commons.imaging.formats.jpeg.decoder.JpegDecoder.visitSOS(JpegDecoder.java:129) at org.apache.commons.imaging.formats.jpeg.JpegUtils.traverseJFIF(JpegUtils.java:77) at org.apache.commons.imaging.formats.jpeg.decoder.JpegDecoder.decode(JpegDecoder.java:543) at org.apache.commons.imaging.formats.jpeg.JpegImageParser.getBufferedImage(JpegImageParser.java:107) at org.apache.commons.imaging.formats.jpeg.JpegImageParser.getBufferedImage(JpegImageParser.java:65) at org.apache.commons.imaging.ImageParser.getBufferedImage(ImageParser.java:529) at ImagingJpegFuzzer.fuzzerTestOneInput(ImagingJpegFuzzer.java:24) at java.base/java.lang.invoke.LambdaForm$DMH/0x0000000800b95c40.invokeStaticInit(LambdaForm$DMH) at java.base/java.lang.invoke.LambdaForm$MH/0x0000000800bd4040.invoke(LambdaForm$MH) at java.base/java.lang.invoke.LambdaForm$MH/0x0000000800bd4840.invoke_MT(LambdaForm$MH) … We have added a reproducer.zip which contains a README that describes how to reproduce the issue. We would appreciate if you could take a look into the findings. Do you see a risk that this might be exploited by untrusted input? OSS-Fuzz Issue: [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53708] Hint: The provided OSS-Fuzz Issue links are only accessible if the issue gets fixed or you are the maintainer of the OSS-Fuzz project. Fuzz targets: [https://github.com/google/oss-fuzz/blob/master/projects/apache-commons-imaging/ImagingJpegFuzzer.java] -- This message was sent by Atlassian Jira (v8.20.10#820010)