oss-sec mailing list archives
CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c)
From: Anthony Sasadeusz <sasadeu1 () umbc edu>
Date: Sun, 5 Mar 2017 21:16:22 -0500

admin@ip-172-31-13-10:~/jasper/build-asan/src/appl$ ./jasper --input ../../../build-afl/src/appl/findings/crashes/id\:000000\,sig\:11\,src\:000002\,op\:havoc\,rep\:16 --output /dev/null --output-format jp2
ASAN:SIGSEGV
=================================================================
==16088==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f45f3104fe6 sp 0x7ffcd24052c0 bp 0x7ffcd24063d0 T0)
    #0 0x7f45f3104fe5 in jp2_encode /home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119
    #1 0x7f45f30de187 in jas_image_encode /home/admin/jasper/src/libjasper/base/jas_image.c:471
    #2 0x402494 in main /home/admin/jasper/src/appl/jasper.c:277
    #3 0x7f45f2a1eb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #4 0x401908 (/home/admin/jasper/build-asan/src/appl/jasper+0x401908)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119 jp2_encode
==16088==ABORTING

This also happens on the latest master branch.

The repo: https://github.com/mdadams/jasper

Crashing inputs found with afl: https://github.com/nullsector/jasper-fuzz/tree/master/testcases/crashes