Category

Image Processing

Security vulnerabilities and automated fixes for image processing issues

4 posts found

critical9 min

How buffer overflow happens in C dcraw_lz.c nikon_3700() and how to fix it

A critical buffer overflow vulnerability was discovered in `lightcrafts/coprocesses/dcraw/dcraw_lz.c` at line 1334, where the `nikon_3700()` function used `strcpy()` to copy camera make and model strings into fixed 64-byte buffers without any bounds checking. A crafted RAW image file with oversized make/model metadata could trigger a heap or stack corruption, potentially enabling arbitrary code execution. The fix replaces both `strcpy()` calls with `strncpy()` and explicit null-termination, enfo

#buffer-overflow#C#CWE-120+4 more
O
orbisai0security
Jun 6, 2026
critical7 min

Integer Overflow in edge_detect.c Heap Allocation Enables Camera-Based Exploit

A critical integer overflow vulnerability in `C/filters/edge_detect.c` allowed an attacker controlling a virtual V4L2 camera device to supply manipulated width/height dimensions that would silently wrap around to zero during multiplication, causing a drastically undersized heap allocation. Subsequent writes to this tiny buffer result in heap corruption, potentially enabling arbitrary code execution. The fix replaces the unsafe `malloc(w * h)` pattern with overflow-safe `calloc((size_t)w, (size_t

#c#integer-overflow#heap-overflow+4 more
O
orbisai0security
Jun 2, 2026
critical8 min

Heap Buffer Overflow in darktable's Color Chart: How Unchecked memcpy Calls Put Image Processing at Risk

A critical heap buffer overflow vulnerability was discovered in `src/chart/main.c`, where `memcpy` and `memmove` calls failed to validate buffer sizes before copying color calibration data — allowing a crafted input file to overwrite heap metadata and adjacent memory. The fix adds allocation failure checks after `realloc` calls and replaces `malloc` with `calloc` to zero-initialize buffers, eliminating the risk of uninitialized memory being exploited. This type of vulnerability is a reminder tha

#buffer-overflow#c-security#memory-safety+4 more
O
orbisai0security
May 28, 2026
critical9 min

Heap Buffer Overflow in HAL Filter: How Unvalidated memcpy Sizes Can Sink Your App

A critical heap buffer overflow vulnerability was discovered and patched in the ndsrvp HAL filter routines, where multiple `memcpy` calls used computed sizes derived from image dimensions without validating they fit within destination buffers. An attacker supplying a crafted image could exploit this to corrupt heap memory, potentially achieving arbitrary code execution. This post breaks down how the vulnerability works, how it was fixed, and what developers can do to prevent similar issues.

#buffer-overflow#memory-safety#cpp+4 more
O
orbisai0security
May 14, 2026