Hello,
I have identified a reproducible memory-safety issue in DevIL's image loading/parsing code.
The issue is reachable through public DevIL loading APIs on a clean checkout with AddressSanitizer enabled. I have prepared a small report package containing:
affected commit information
standalone C reproducers
malformed image file
ASan/UBSan run logs
source-level root cause notes
clean-checkout reproduction steps
suggested fix direction
I would prefer not to disclose the malformed input, reproducer details, or sanitizer output publicly before the maintainer has had a chance to review them.
Is there a preferred private security contact, email address, or disclosure route for this project?
Best regards,
Yukimura
Hello,
I have identified a reproducible memory-safety issue in DevIL's image loading/parsing code.
The issue is reachable through public DevIL loading APIs on a clean checkout with AddressSanitizer enabled. I have prepared a small report package containing:
affected commit information
standalone C reproducers
malformed image file
ASan/UBSan run logs
source-level root cause notes
clean-checkout reproduction steps
suggested fix direction
I would prefer not to disclose the malformed input, reproducer details, or sanitizer output publicly before the maintainer has had a chance to review them.
Is there a preferred private security contact, email address, or disclosure route for this project?
Best regards,
Yukimura