Buffer overflow in getting properties

msh_smlv · October 29, 2019, 6:23pm

Hello!

During an internal security assessment of the medical ML pipeline based on Simple-itk we found buffer-overflow in DicomReader.

I guess that it happens because you use the buffer which is located on the stack for getting properties.
In the attached file you can find the file which triggers the buffer-overflow(With long PatientName, the length more than 512) and the source code which we used.

We also tried to read this file with python module The behavior was the same.

buffer_overflow.zip (270.5 KB) .

Thanks.

blowekamp · October 29, 2019, 6:36pm

Thank you for reporting the issue. And tracking it down. Could you please create an issue on Github:

blowekamp · October 30, 2019, 11:32am

This issue is addressed in this PR: https://github.com/InsightSoftwareConsortium/ITK/pull/1373