==3820756==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x612000001995 at pc 0x5627bb77696f bp 0x7ffc771a50d0 sp 0x7ffc771a50c0
READ of size 1 at 0x612000001995 thread T0
    #0 0x5627bb77696e in ReadInt32 Source/Metadata/Exif.cpp:120
    #1 0x5627bb785e15 in ReadUint32 Source/Metadata/Exif.cpp:138
    #2 0x5627bb785e15 in jpeg_read_exif_dir Source/Metadata/Exif.cpp:723
    #3 0x5627bb78a6c8 in jpegxr_read_exif_gps_profile Source/Metadata/Exif.cpp:955
    #4 0x5627bb6089d5 in ReadMetadata Source/FreeImage/PluginJXR.cpp:607
    #5 0x5627bb6089d5 in Load Source/FreeImage/PluginJXR.cpp:1186
    #6 0x5627bb560a76 in FreeImage_LoadFromHandle Source/FreeImage/Plugin.cpp:388
    #7 0x5627bb560dd5 in FreeImage_Load Source/FreeImage/Plugin.cpp:408
    #8 0x5627bb501abb in testClone(char const*) /home/akuma/FreeImage/TestAPI/testImageType.cpp:34
    #9 0x5627bb502100 in testAllocateCloneUnload(char const*) /home/akuma/FreeImage/TestAPI/testImageType.cpp:56
    #10 0x5627bb4eeaa2 in main /home/akuma/FreeImage/TestAPI/MainTestSuite.cpp:69
    #11 0x7f696c2480b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #12 0x5627bb4fc16d in _start (/home/akuma/FreeImage/TestAPI/testAPI+0x1b716d)

Address 0x612000001995 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow Source/Metadata/Exif.cpp:120 in ReadInt32
Shadow bytes around the buggy address:
  0x0c247fff82e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c247fff82f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c247fff8300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c247fff8310: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c247fff8320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c247fff8330: fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c247fff8340: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c247fff8350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c247fff8360: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[CVE-ID]
CVE-2021-33367
[Product]
FreeImage 3.18.0
[Version]
FreeImage 3.18.0
[Discoverer]
3kyo0
[Vulnerability Type]
Buffer Overflow
[Description]
Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
Hi 3kyo0,
Looks like you're unlikely to get a reply from an author here any time soon. You haven't published the example input you used to get this, but I'd be interested if the following patch fragment resolves it: