Out of memory error due to unchecked allocation size in PngChunk::parseChunkContent() #845

Closed
@kevinbackhouse

The attached file causes a std::bad_alloc exception in exiv2.

issue_845_poc

The bug is that there is no bounds check on the value of length at pngchunk_int.cpp:669.

Reproducible on the 0.27-maintenance branch (f4a37c6):

exiv2 issue_845_poc.png
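
The class of check the report says is missing, as an added example (not exiv2's code and not written by the issue author): a length read from untrusted input is compared against the bytes actually present before anything is allocated. The record layout, the function name `readLengthPrefixed` and the sample inputs are assumptions constructed for illustration; the page does not show the code at pngchunk_int.cpp:669.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical record layout (an assumption for this example, not exiv2's
// format): 4-byte big-endian length, then `length` payload bytes.
static const std::size_t kHeaderSize = 4;

// Copies the payload into `out` and returns true only if the declared length
// fits inside the bytes actually present. Nothing is allocated before the check.
bool readLengthPrefixed(const std::uint8_t* data, std::size_t size,
                        std::vector<std::uint8_t>& out)
{
    out.clear();
    if (data == nullptr || size < kHeaderSize) {
        return false;  // truncated header
    }
    const std::uint32_t length = (std::uint32_t(data[0]) << 24) |
                                 (std::uint32_t(data[1]) << 16) |
                                 (std::uint32_t(data[2]) << 8) |
                                 std::uint32_t(data[3]);
    // Compare against the remaining byte count; size >= kHeaderSize was
    // established above, so the subtraction cannot wrap.
    if (length > size - kHeaderSize) {
        return false;  // declared length exceeds the data that is present
    }
    out.assign(data + kHeaderSize, data + kHeaderSize + length);
    return true;
}

// Constructed sample inputs.
static const std::uint8_t kGood[] = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
// Declares about 4 GiB of payload but carries two bytes.
static const std::uint8_t kOversized[] = {0xFF, 0xFF, 0xFF, 0xFF, 'a', 'b'};

int main()
{
    std::vector<std::uint8_t> payload;
    std::printf("good: %d\n", readLengthPrefixed(kGood, sizeof(kGood), payload));
    std::printf("oversized: %d\n",
                readLengthPrefixed(kOversized, sizeof(kOversized), payload));
    return 0;
}
```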
