Bug: Issue 60274 in oss-fuzz: assimp:assimp_fuzzer: Heap-buffer-overflow in Assimp::MD5::MD5Parser::ParseHeader #5257
Comments
kimkulling
added
Bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Status: New
Owner: ----
CC: kim.k...@googlemail.com
Labels: Restrict-View-Commit ClusterFuzz Stability-Memory-AddressSanitizer Reproducible Engine-libfuzzer OS-Linux Security_Severity-Medium Proj-assimp Reported-2023-07-01
Type: Bug-Security
New issue 60274 by ClusterFuzz-External: assimp:assimp_fuzzer: Heap-buffer-overflow in Assimp::MD5::MD5Parser::ParseHeader
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60274
Detailed Report: https://oss-fuzz.com/testcase?key=4790975281889280
Project: assimp
Fuzzing Engine: libFuzzer
Fuzz Target: assimp_fuzzer
Job Type: libfuzzer_asan_assimp
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6020000001c0
Crash State:
Assimp::MD5::MD5Parser::ParseHeader
Assimp::MD5::MD5Parser::MD5Parser
Assimp::MD5Importer::LoadMD5MeshFile
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_assimp&range=202109150603:202109160613
Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=4790975281889280
Issue filed automatically.
See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.
When you fix this bug, please
This information can help downstream consumers.
If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.
This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.
The text was updated successfully, but these errors were encountered: