Security vulnerabilities and automated fixes for image processing issues
A critical heap buffer overflow vulnerability was discovered in `src/chart/main.c`, where `memcpy` and `memmove` calls failed to validate buffer sizes before copying color calibration data — allowing a crafted input file to overwrite heap metadata and adjacent memory. The fix adds allocation failure checks after `realloc` calls and replaces `malloc` with `calloc` to zero-initialize buffers, eliminating the risk of uninitialized memory being exploited. This type of vulnerability is a reminder tha
A critical heap buffer overflow vulnerability was discovered and patched in the ndsrvp HAL filter routines, where multiple `memcpy` calls used computed sizes derived from image dimensions without validating they fit within destination buffers. An attacker supplying a crafted image could exploit this to corrupt heap memory, potentially achieving arbitrary code execution. This post breaks down how the vulnerability works, how it was fixed, and what developers can do to prevent similar issues.