oss-sec mailing list archives
Re: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function
From: cve-assign () mitre org
Date: Wed, 13 Jan 2016 12:51:42 -0500 (EST)
We find a vulnerability in the way JasPer's jpc_pi_nextcprl() function parsed certain JPEG 2000 image files. I was successful in reproducing this issue in the jasper-1.900.1-31.fc23.src.

Starting program: ./jasper-1.900.1-31.fc23.src/jasper-1.900.1/src/appl/jasper -f ./jasper_poc/poc.jp2 -F temp.bmp -t jp2 -T bmp
warning: trailing garbage in marker segment (6 bytes)
Program received signal SIGSEGV, Segmentation fault.
jpc_pi_nextcprl (pi=0x80a4ab0) at jpc_t2cod.c:435
435 pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +
(gdb) bt
#0 jpc_pi_nextcprl (pi=0x80a4ab0) at jpc_t2cod.c:435
Use CVE-2016-1867.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function limingxing (Jan 12)
- Re: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function cve-assign (Jan 13)