2022.09.29 19:50 "[Tiff] libtiff going out of memory", by Robert Loehning

Hello,

fuzzing Qt's usage of libtiff found a file which causes the test to go out of memory. It's a 3.1KB TIFF file. While I tried to research the issue in our calling code, I noticed that other programs also seem to be affected: browsing the directory which contains the file with Ubuntu's Nautilus slows down the entire system, presumably when it tries to generate a thumbnail. With libtiff's fuzzer in oss-fuzz, I could not reproduce a problem, though.

I'd like to hand over that file to somebody who knows his or her way around libtiff and can evaluate its risk. Can you please give me some advice on whom to send the file to and how, or where to upload it?

For reference, the issue is being tracked in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49080 which is not public yet. Google will publish it on October 11th.

Best Regards,
Robert