heap overflow in tinyexr::DecodePixelData #167
Comments
No issue observed in

Well, I can still reproduce this issue

You need to post compilation procedure in detail.

Still no issue with it. Reports Found you are attaching wrong POC file. Seems a Core audio file? Magic header starts with

Thanks! Confirmed the issue is now reproducible. Your PR to fix the issue is much appreciated.

Close the issue to avoid CVE FUD

desc
There is a heap-based buffer overflow in tinyexr::DecodePixelData before 20220506 that could cause remote code execution depending on the usage of this program.
asan output
reproduce
./test/fuzzer ./poc