drewnoakes / metadata-extractor

Extracts Exif, IPTC, XMP, ICC and other metadata from image, video and audio files
Apache License 2.0

Crash on java.lang.OutOfMemoryError #618

Open Han0nly opened 1 year ago

Han0nly commented 1 year ago

Recently, we found that two code snippets in metadata-extractor (2.18.0) can trigger java.lang.OutOfMemoryError errors, which will lead to local denial-of-service. Error handling needs to be added, otherwise the Java thread will crash, and apps that rely on this library will malfunction.

  1. https://github.com/drewnoakes/metadata-extractor/blob/e3235eaa307e3d4b564737828b32ea2f2e429655/Source/com/drew/metadata/mov/atoms/SampleDescriptionAtom.java#L46
  2. https://github.com/drewnoakes/metadata-extractor/blob/e3235eaa307e3d4b564737828b32ea2f2e429655/Source/com/drew/metadata/mov/atoms/TimeToSampleAtom.java#L45
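An added example, not part of the original report and not metadata-extractor's code: one way to guard a table parser against this class of failure, assuming the allocation is sized from an entry count read out of the file. The class and method names are hypothetical, and the 8-byte entry layout is the QuickTime time-to-sample table (sample count plus sample duration).

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

// Added illustration; names are hypothetical, not metadata-extractor's API.
public class BoundedAtomTable {
    static final int ENTRY_SIZE = 8; // uint32 sample count + uint32 sample duration

    /**
     * Parses a time-to-sample style table. atomPayloadSize is assumed to have been
     * checked already against the bytes actually available in the file.
     */
    static List<long[]> readEntries(DataInputStream in, long atomPayloadSize) throws IOException {
        if (atomPayloadSize < 8) throw new IOException("atom too small for table header");
        in.readInt();                                // version (1 byte) + flags (3 bytes)
        long declared = in.readInt() & 0xFFFFFFFFL;  // entry count as unsigned 32-bit
        long maxEntries = (atomPayloadSize - 8) / ENTRY_SIZE;
        // Reject a count the atom cannot physically hold before allocating anything.
        if (declared > maxEntries || declared > Integer.MAX_VALUE) {
            throw new IOException("declared " + declared + " entries, atom holds at most " + maxEntries);
        }
        List<long[]> entries = new ArrayList<>((int) declared); // bounded by atom size
        for (long i = 0; i < declared; i++) {
            long sampleCount = in.readInt() & 0xFFFFFFFFL;
            long sampleDuration = in.readInt() & 0xFFFFFFFFL;
            entries.add(new long[] { sampleCount, sampleDuration });
        }
        return entries;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: 4 header bytes, 4 count bytes, then the entries (if any).
        byte[] valid = { 0, 0, 0, 0,  0, 0, 0, 1,  0, 0, 0, 10,  0, 0, 0, 100 };
        byte[] oversized = { 0, 0, 0, 0,  0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF };
        System.out.println("valid entries: "
                + readEntries(new DataInputStream(new ByteArrayInputStream(valid)), valid.length).size());
        try {
            readEntries(new DataInputStream(new ByteArrayInputStream(oversized)), oversized.length);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Throwing a checked exception keeps the failure on the parser's normal error path, so a caller can skip the malformed atom instead of losing the thread to an OutOfMemoryError.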