Re: CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c)

[Emilio Pozuelo Monfort <pochu27 () gmail com>]

On 06/03/17 03:16, Anthony Sasadeusz wrote:
> admin@ip-172-31-13-10:~/jasper/build-asan/src/appl$ ./jasper --input
> ../../../build-afl/src/appl/findings/crashes/id\:000000\,sig\:11\,src\:000002\,op\:havoc\,rep\:16
> --output /dev/null --output-format jp2
> ASAN:SIGSEGV
> =================================================================
> ==16088==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
> (pc 0x7f45f3104fe6 sp 0x7ffcd24052c0 bp 0x7ffcd24063d0 T0)
>     #0 0x7f45f3104fe5 in jp2_encode
> /home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119
>     #1 0x7f45f30de187 in jas_image_encode
> /home/admin/jasper/src/libjasper/base/jas_image.c:471
>     #2 0x402494 in main /home/admin/jasper/src/appl/jasper.c:277
>     #3 0x7f45f2a1eb44 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
>     #4 0x401908 (/home/admin/jasper/build-asan/src/appl/jasper+0x401908)
>
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV
> /home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119 jp2_encode
> ==16088==ABORTING
>
>
> This also happens on the latest master branch.
> The repo: https://github.com/mdadams/jasper
>
> Crashing inputs found with afl:
> https://github.com/nullsector/jasper-fuzz/tree/master/testcases/crashes

You should request CVEs at http://cveform.mitre.org/ these days.

Also it'd be good if you opened an upstream bug report about this.

Cheers,
Emilio