assimp Bug: Issue 61893 in oss-fuzz: assimp:assimp_fuzzer: Container-overflow in ODDLParser::OpenDDLParser::parseIntegerLiteral

Bug: Issue 61893 in oss-fuzz: assimp:assimp_fuzzer: Container-overflow in ODDLParser::OpenDDLParser::parseIntegerLiteral

Open kimkulling opened this issue 1 year ago • 1 comments

Status: New Owner: ---- CC: kim.k...@googlemail.com Labels: Restrict-View-Commit ClusterFuzz Stability-Memory-AddressSanitizer Reproducible Engine-libfuzzer OS-Linux Security_Severity-Medium Proj-assimp Reported-2023-08-30 Type: Bug-Security

New issue 61893 by ClusterFuzz-External: assimp:assimp_fuzzer: Container-overflow in ODDLParser::OpenDDLParser::parseIntegerLiteral https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61893

Detailed Report: https://oss-fuzz.com/testcase?key=4980126616780800

Project: assimp Fuzzing Engine: libFuzzer Fuzz Target: assimp_fuzzer Job Type: libfuzzer_asan_assimp Platform Id: linux

Crash Type: Container-overflow READ 1 Crash Address: 0x619000002c24 Crash State: ODDLParser::OpenDDLParser::parseIntegerLiteral ODDLParser::OpenDDLParser::parseDataList ODDLParser::OpenDDLParser::parseStructureBody

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Crash Revision: https://oss-fuzz.com/revisions?job=libfuzzer_asan_assimp&revision=202308300601

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=4980126616780800

Issue filed automatically.

Nov 23 '23 09:11 kimkulling

See https://github.com/kimkulling/openddl-parser/issues/85

Nov 23 '23 09:11 kimkulling

assimp assimp copied to clipboard

Bug: Issue 61893 in oss-fuzz: assimp:assimp_fuzzer: Container-overflow in ODDLParser::OpenDDLParser::parseIntegerLiteral

assimp
assimp copied to clipboard