Reachable assertions in jpc_firstone #172
Comments
The problem is basically an integer width one. The assertion will be triggered by an overflowing int_fast32_t that will be passed to the jpc_firstone(int). The problem is that the calling function will always ensure that the parameter is positive, but int_fast32_t is a 64-bit integer on 64-bit systems. Hence the overflow, and the parameter can become negative.
http://paste.opensuse.org/view/raw/330751ce fixes the problem by using parameter int_fast32_t that is guaranteed to be AT LEAST 32-bit in the two functions in jpc_math.{c,h}. This avoids the overflow and the assert should not be triggered by a file.
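Added example, not part of the thread or of JasPer's code: a small C model of the width mismatch described in the two comments above, with the `int` parameter beside the widened one. All names are hypothetical, `fast32_model_t` is an `int64_t` stand-in for `int_fast32_t` as it is on the 64-bit systems mentioned, the bit-scan loop is an assumed body, and the return value -2 stands in for the `assert` abort.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for int_fast32_t on a 64-bit system (assumption: 64 bits wide).
 * Fixed width so the example behaves the same on every platform. */
typedef int64_t fast32_model_t;

/* Old shape: the parameter is int. Returns -2 where an assert(x >= 0)
 * would abort, so the example can report the condition instead of dying. */
int firstone_int(int x)
{
    int n = -1;
    if (x < 0)
        return -2;              /* models the reachable assertion */
    while (x > 0) { x >>= 1; ++n; }
    return n;                   /* index of the highest set bit, -1 for 0 */
}

/* Fixed shape: the parameter has the caller's width, nothing is narrowed. */
int firstone_wide(fast32_model_t x)
{
    int n = -1;
    if (x < 0)
        return -2;
    while (x > 0) { x >>= 1; ++n; }
    return n;
}

/* Caller: checks positivity in its own wide type, then narrows to int. */
int call_old(fast32_model_t v)
{
    if (v < 0)
        return -3;              /* caller's check passes for large positive v */
    /* Out-of-range narrowing is implementation-defined; gcc and clang wrap
     * modulo 2^32, so 2^31 becomes INT_MIN. */
    return firstone_int((int)v);
}

int main(void)
{
    /* Constructed sample: positive in 64 bits, but larger than INT_MAX. */
    fast32_model_t v = (fast32_model_t)1 << 31;
    printf("v=%" PRId64 " old=%d wide=%d\n", v, call_old(v), firstone_wide(v));
    return 0;
}
```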
Why was this closed? AFAICS, no patch was applied to address this. This repo had no change since Dec 2017.
it is opening
Any progress?
This issue was assigned CVE-2018-9055
Fix denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. Assigned CVE-2018-9055. Fixes jasper-software#172. Fix by Fridrich Strba <FStrba@suse.com>.
@jridky I just proposed a fix that we have used for some time. Do you have some fixes from RH for this or other issues as well?
Hi, thanks for the fix. Unfortunately, I am not aware of any fix to jasper from RH site.
Fix denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. Assigned CVE-2018-9055. Fixes jasper-software/jasper#172. Fix by Fridrich Strba <FStrba@suse.com>. See: jasper-software/jasper#204 Fix #9
Fix denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. Assigned CVE-2018-9055. Fixes jasper-software/jasper#172. See: jasper-software/jasper#204 Fix #9
Fixed by jasper-maint/jasper@e6c8d5a in our fork
Merged as e6c8d5a
Description of problem:
There is a reachable assertion abort in function jpc_firstone of JasPer that will lead to a remote denial of service attack.
Version-Release number of selected component (if applicable):
<= latest version
The output information is as follows:
The gdb debugging information is listed below:
jpc_firstone in jpc_math.c
Additional info:
Credits:
pwd @360TeamSerious
poc https://github.com/TeamSeri0us/pocs/blob/master/jasper/poc