```java
import static org.hamcrest.CoreMatchers.allOf;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.MatcherAssert.assertThat;

import com.sinergise.sentinel.byoctool.tiff.TiffCompoundDirectory;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import javax.imageio.IIOException;
import javax.imageio.ImageIO;
import javax.imageio.ImageReader;
import javax.imageio.stream.ImageInputStream;
import org.junit.Test;

public class TiffCompoundDirectoryTest {
    // The timeout fails the test if parsing never returns (the suspected infinite loop).
    @Test(timeout = 1000L)
    public void testTiffCompoundDirectoryVulnerability() throws Exception {
        ImageInputStream malformedInput = createMalformedInput();
        try {
            new TiffCompoundDirectory(malformedInput);
        } catch (IIOException expected) {
            assertThat(expected.getMessage(), allOf(containsString("SOF"), containsString("stream")));
        }
    }

    private ImageInputStream createMalformedInput() throws IOException {
        File tempFile = File.createTempFile("temp-malformed", ".jpeg");
        ImageReader reader = createReader();
        try (ImageInputStream iis = ImageIO.createImageInputStream(getClassLoaderResource("/broken-jpeg/110115680-6d6dce80-7d84-11eb-99df-4cb21df3b09f.jpeg"))) {
            reader.setInput(iis);
            try {
                reader.read(0, null);
            } catch (IIOException expected) {
                assertThat(expected.getMessage(), allOf(containsString("SOF"), containsString("stream")));
            }
        }
        // Note: nothing is written to tempFile, so the returned stream is over an empty file.
        return ImageIO.createImageInputStream(tempFile);
    }

    private ImageReader createReader() {
        // Assumption: use the first JPEG reader registered with ImageIO; the
        // createReader() of the original testInfiniteLoopCorrupt() may differ.
        return ImageIO.getImageReadersByFormatName("JPEG").next();
    }

    private static InputStream getClassLoaderResource(String path) {
        // Resolve the test resource from the classpath.
        return TiffCompoundDirectoryTest.class.getResourceAsStream(path);
    }
}
```
Hi, we found that the insecure version of the twelvemonkeys dependency is still used in the code: https://github.com/sentinel-hub/byoc-tool/blob/master/src/main/java/com/sinergise/sentinel/byoctool/tiff/TiffCompoundDirectory.java#L13, which may cause an infinite loop. Test here:
JPEG link: https://github.com/haraldk/TwelveMonkeys/blob/4259903bddaadc94a7027ecece2351be3cd6ee9c/imageio/imageio-jpeg/src/test/resources/broken-jpeg/110115680-6d6dce80-7d84-11eb-99df-4cb21df3b09f.jpeg