New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalid memory write in jas_icc.c:1333:23 #367
Comments
@mdadams Thanks for handling this so fast! Fix confirmed:
|
@pip-izony did you request a CVE for this, or do you plan to request one? |
I want to report it to CVE. |
Ok, then I'll wait :) Please comment the assigned CVE here once you have it.
I didn't do it yet. I thought I'll ask you first whether you prefer to do it yourself. |
Ok then I will report the bug. |
This issue has been assigned CVE-2023-51257 |
@jubalh I updated the NEWS file to mention this CVE. |
Could you add further info of the impact this bug has? Is there a possibility to leverage this into a RCE condition? |
This is a task for security researchers. We are upstream writing and maintaining an image library. Affected people can update to the latest version. Distributions already started backporting the fix into released versions. |
Environment
Ubuntu 22.04.3 LTS
Compiler
clang version 11.0.0
Target: x86_64-unknown-linux-gnu
Thread model: posix
Affected Version
jasper 4.1.1
Step to reproduce
Contents of PoCfile
PoC.zip
Expected behavior
Print error or warning messages handled within jasper.
Current behavior
The text was updated successfully, but these errors were encountered: