View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000605 | file | General | public | 2025-01-04 09:26 | 2025-01-04 09:26 |
| Reporter | YancyLii | Assigned To | |||
| Priority | high | Severity | major | Reproducibility | always |
| Status | new | Resolution | open | ||
| Product Version | 5.45 | ||||
| Summary | 0000605: Uncontrolled Memory Allocation in | ||||
| Description | A potential out-of-memory crash occurs in the libmagic project when processing malformed input through the function uncompressxzlib. The issue is triggered by the absence of proper input validation or resource limits, causing the liblzma library to attempt a massive memory allocation (malloc(2147483648) = 2GB) and crash. | ||||
| Steps To Reproduce | 1. Download the tar.gz file and decompress it, then (sudo) execute shell script 2. ./Test_libmagic_1 oom-fed84141c516fcdbb9961ba3a30fa85e41e569a1 3. Observe the error message | ||||
| Tags | libmagic | ||||
