A OOM problem was found in metadata-extractor #640

Open
Alex111998 opened this issue Dec 6, 2023 · 0 comments · May be fixed by #643
Labels: good-first-issue (An easy task suited to people new to the project and code), help wanted

Alex111998 commented Dec 6, 2023

(Please include as much information as possible, and attach a sample image if possible.)
When I tested the latest version (2.19.0) of metadata-extractor with CIFuzz, an OOM security issue was found. It is caused when formatting a big number in the method BmpHeaderDescriptor.formatHex(int, int), and may cause denial of service issues in applications via the following code:

pom

<dependency>
    <groupId>com.drewnoakes</groupId>
    <artifactId>metadata-extractor</artifactId>
    <version>2.19.0</version>
</dependency>

code

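import com.drew.metadata.bmp.BmpHeaderDescriptor;

public class MetadataExtractor_OOM {

    public static void main(String[] args) {
        try {
            // Both arguments are Integer.MAX_VALUE; this is the call the report ties to the OOM.
            BmpHeaderDescriptor.formatHex(Integer.MAX_VALUE, Integer.MAX_VALUE);
        } catch (Exception e) {
            // OutOfMemoryError is an Error, not an Exception, so this block does not intercept it.
        }
    }
}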


@drewnoakes added the help wanted and good-first-issue labels Dec 6, 2023
Salman-Sayyed added a commit to Salman-Sayyed/metadata-extractor that referenced this issue Dec 24, 2023
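
The reproducer above passes Integer.MAX_VALUE as both arguments of formatHex. One defensive shape for such a formatter, as an added example (not metadata-extractor's code and not the change in #643): the class name BoundedHexFormat and the MAX_DIGITS limit are assumptions, and it assumes the second argument is a zero-padding width.

```java
import java.util.Locale;

// Added example, not metadata-extractor code: a hex formatter whose padding
// width is validated before any buffer is allocated.
public class BoundedHexFormat {

    // Assumption: 16 hex digits cover any 64-bit value, so no caller needs more.
    static final int MAX_DIGITS = 16;

    /** Formats value as 0x-prefixed upper-case hex, zero-padded to at least `digits` characters. */
    static String formatHex(long value, int digits) {
        // Reject the width first: the allocation below is sized from it.
        if (digits < 1 || digits > MAX_DIGITS) {
            throw new IllegalArgumentException(
                "digits must be between 1 and " + MAX_DIGITS + ", got " + digits);
        }
        String hex = Long.toHexString(value).toUpperCase(Locale.ROOT);
        StringBuilder sb = new StringBuilder(2 + Math.max(digits, hex.length()));
        sb.append("0x");
        for (int i = hex.length(); i < digits; i++) {
            sb.append('0');
        }
        return sb.append(hex).toString();
    }

    /** int overload: the value is treated as an unsigned 32-bit quantity. */
    static String formatHex(int value, int digits) {
        return formatHex(value & 0xFFFFFFFFL, digits);
    }

    public static void main(String[] args) {
        // A typical small header value with an 8-digit width.
        System.out.println(formatHex(0x28, 8));

        // The argument pair from the report is refused with a cheap, catchable exception.
        try {
            formatHex(Integer.MAX_VALUE, Integer.MAX_VALUE);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Validating the width up front matters because callers that catch only Exception, as the reproducer does, never see an OutOfMemoryError.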