ossimlabs / ossim

Core OSSIM (Open Source Software Image Map) package including C++ code for OSSIM library, command-line applications, tests, and build system
MIT License

Some Vulnerabilities Found #298

Open Yao-mengyu opened 3 months ago

Yao-mengyu commented 3 months ago

Hello, I fuzzed the ossim-info tool and found that the tool will crash (e.g. SIGSEGV) with some malformed TIFF inputs.

For example, when there's a tag in a TIFF image with an undefined data type, the tool will not initialize the array in ossimTiffInfo::print, but will actually try to read something in this array in the function ossimTiffInfo::getArrayValue. This will lead to SIGSEGV.

Also, there are some other problems, such as use-after-free and oversized allocation. If you would like example malformed TIFF images that cause crashes or need further analysis, please reach out to me for more information.

These vulnerabilities may not be a problem when we just use the simple command-line tool, but in a system using these functions, I think they may compromise system integrity and availability. Considering the wide use of OSSIM in the geospatial image processing field, it is important to strengthen its security. Would you like to fix some similar bugs or open a bug reporting platform for reporting vulnerabilities in OSSIM?

Thank you! :)
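
The defensive pattern for the crash class reported above, as an added example that is not part of the original issue and is not OSSIM's code: a TIFF IFD entry reader that rejects a field type outside the TIFF 6.0 table (codes 1 to 12) before any value array is sized or read, and bounds the value size against the file length. It assumes a classic little-endian TIFF with 12-byte entries; `readEntryValue`, `tiffTypeSize`, `makeEntry` and the status names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Byte width of each TIFF 6.0 field type (1..12); 0 means "not a defined type".
static size_t tiffTypeSize(uint16_t type) {
    static const size_t kSize[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};
    return type < 13 ? kSize[type] : 0;
}
// Little-endian read of n (<= 4) bytes; the caller has already bounds-checked.
static uint32_t le(const std::vector<uint8_t>& f, size_t off, size_t n) {
    uint32_t v = 0;
    for (size_t i = 0; i < n; ++i) v |= uint32_t(f[off + i]) << (8 * i);
    return v;
}
enum EntryStatus { ENTRY_OK, ENTRY_TRUNCATED, ENTRY_BAD_TYPE, ENTRY_BAD_RANGE };

// Copies the value bytes of the 12-byte IFD entry at `entryOff` into `out`.
// `out` is left empty unless ENTRY_OK is returned.
EntryStatus readEntryValue(const std::vector<uint8_t>& file, size_t entryOff,
                           std::vector<uint8_t>& out) {
    out.clear();
    if (entryOff > file.size() || file.size() - entryOff < 12) return ENTRY_TRUNCATED;
    const uint16_t type  = uint16_t(le(file, entryOff + 2, 2));
    const uint64_t count = le(file, entryOff + 4, 4);
    const size_t width = tiffTypeSize(type);
    if (width == 0) return ENTRY_BAD_TYPE;   // reject before any array is sized or read
    const uint64_t bytes = count * width;     // at most 2^32 * 8, cannot overflow 64 bits
    // Values of 4 bytes or fewer are stored inline; otherwise the field is a file offset.
    const uint64_t start = bytes <= 4 ? entryOff + 8 : le(file, entryOff + 8, 4);
    if (start > file.size() || bytes > file.size() - start) return ENTRY_BAD_RANGE;
    out.assign(file.data() + start, file.data() + start + bytes);
    return ENTRY_OK;
}

// Constructed sample: one little-endian IFD entry (tag, type, count, value/offset).
std::vector<uint8_t> makeEntry(uint16_t tag, uint16_t type, uint32_t count, uint32_t value) {
    std::vector<uint8_t> e(12);
    const uint32_t fields[4] = {tag, type, count, value};
    const size_t offs[4] = {0, 2, 4, 8}, lens[4] = {2, 2, 4, 4};
    for (int k = 0; k < 4; ++k)
        for (size_t i = 0; i < lens[k]; ++i) e[offs[k] + i] = uint8_t(fields[k] >> (8 * i));
    return e;
}

int main() {
    std::vector<uint8_t> out;  // type code 99 is not a TIFF 6.0 field type
    std::printf("%d\n", readEntryValue(makeEntry(0x0100, 99, 1, 0), 0, out));
}
```

A caller that prints tag values should treat any status other than `ENTRY_OK` as "skip this tag" and never index into the output buffer.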