Skip to content

Security contact for reproducible memory-safety issue in DevIL image loading #114

Description

@damseleng

Hello,

I have identified a reproducible memory-safety issue in DevIL's image loading/parsing code.

The issue is reachable through public DevIL loading APIs on a clean checkout with AddressSanitizer enabled. I have prepared a small report package containing:

affected commit information
standalone C reproducers
malformed image file
ASan/UBSan run logs
source-level root cause notes
clean-checkout reproduction steps
suggested fix direction

I would prefer not to disclose the malformed input, reproducer details, or sanitizer output publicly before the maintainer has had a chance to review them.

Is there a preferred private security contact, email address, or disclosure route for this project?

Best regards,
Yukimura

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions