Status: New
Owner: ----
CC: kim.k...@googlemail.com
Labels: Restrict-View-Commit ClusterFuzz Stability-Memory-AddressSanitizer Reproducible Engine-libfuzzer OS-Linux Security_Severity-Medium Proj-assimp Reported-2023-07-01
Type: Bug-Security
New issue 60274 by ClusterFuzz-External: assimp:assimp_fuzzer: Heap-buffer-overflow in Assimp::MD5::MD5Parser::ParseHeader
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60274
Detailed Report: https://oss-fuzz.com/testcase?key=4790975281889280
Project: assimp
Fuzzing Engine: libFuzzer
Fuzz Target: assimp_fuzzer
Job Type: libfuzzer_asan_assimp
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6020000001c0
Crash State:
  Assimp::MD5::MD5Parser::ParseHeader
  Assimp::MD5::MD5Parser::MD5Parser
  Assimp::MD5Importer::LoadMD5MeshFile
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_assimp&range=202109150603:202109160613
Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=4790975281889280
Issue filed automatically.
See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.
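When you fix this bug, please
  * state whether the bug was a short-lived regression or an old bug in any stable releases.
  * add any other useful information.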
This information can help downstream consumers.
If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.
This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.