Description
Overview
I have found a heap buffer overflow vulnerability in jasper-1.900.29. The vulnerability exists in the code responsible for decoding the input image to a JP2 file. It is a heap buffer overflow that can cause an out-of-bounds write due to a programming mistake (i.e. a mistake when setting the size of a memory allocation). The vulnerability can cause denial of service and may lead to remote code execution.
Analysis and PoC
The detailed analysis report and PoC file can be found in the attachment. To avoid disclosing it before the release of a patch, I have encrypted the zip file. Developers can contact me to get the password.
report_and_poc1.zip
Decrypted Report
Author
name: Bingchang, Liu @ VARAS of IIE
email: l.bingchang.bc@gmail.com
org: IIE (http://iie.ac.cn)
Note
I have also reported this to RedHat Security Team.