jasper-1.900.29 Heap Buffer Overflow vulnerabilities due to some programming mistake (different from #93) #94

Closed
@twelveand0


Overview

Different from #93
The vulnerability is found in jasper-1.900.29 and is a Heap Buffer Overflow vulnerability. The vulnerability exists in code responsible for decoding the input image to a JP2 file. The vulnerability is a Heap Buffer Overflow vulnerability which can cause an Out-of-Bound write due to a programming mistake (i.e. a mistake when setting the size of a memory allocation). The vulnerability can cause Denial-of-Service and may cause Remote-Code-Execution.

Analysis and PoC

The detailed analysis report and PoC file can be found in the attachment. In order to avoid disclosing it before the release of a patch, I have encrypted the zip file. Developers can communicate with me to get the password.
report_and_poc2.zip

Decrypted report

report2.pdf

Author

name: Bingchang, Liu @ VARAS of IIE
email: l.bingchang.bc@gmail.com
org: IIE (http://iie.ac.cn)

Note

I have also reported this to RedHat Security Team.
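The report above names the bug class but not the code: a heap allocation whose size is computed from the wrong quantity, so a later write loop runs past the end of the block. The following is an added illustration of that class, written for this page; it is hypothetical decoder-style code, not JasPer's, and it does not reproduce the defect in the encrypted report. `comp_hdr_t`, `buggy_alloc_size`, `checked_alloc_size` and `decode_samples` are all invented names. It shows the sizing mistake (allocating for the sample count while writing `prec_bytes` per sample) next to a sizing routine that checks every factor for overflow and a decode step that bounds every write against the size it actually allocated.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified component header. A real decoder reads these
 * values from the untrusted file, so none of them can be trusted. */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t prec_bytes;   /* bytes per sample, 1..4 */
} comp_hdr_t;

/* The mistake pattern: the allocation is sized from the sample count only,
 * while the writer stores prec_bytes per sample. For prec_bytes > 1 this
 * buffer is too small and the write loop overruns it on the heap. */
size_t buggy_alloc_size(const comp_hdr_t *h)
{
    return (size_t)h->width * h->height;
}

/* Correct sizing: reject degenerate headers and check each multiplication
 * for overflow before performing it. Returns 0 on success, -1 on failure. */
int checked_alloc_size(const comp_hdr_t *h, size_t *out)
{
    if (h->width == 0 || h->height == 0 || h->prec_bytes == 0 || h->prec_bytes > 4)
        return -1;
    if (h->width > SIZE_MAX / h->height)
        return -1;
    size_t samples = (size_t)h->width * h->height;
    if (samples > SIZE_MAX / h->prec_bytes)
        return -1;
    *out = samples * h->prec_bytes;
    return 0;
}

/* Hardened decode step: the buffer is sized by checked_alloc_size and every
 * write is bounds-checked against that same size. The input is refused if it
 * is shorter than the buffer, so the copy can neither over-read nor over-write.
 * Returns the number of bytes written, or -1 on error. */
long decode_samples(const comp_hdr_t *h, const uint8_t *stream, size_t stream_len,
                    uint8_t **buf_out, size_t *buf_len)
{
    size_t need;
    if (checked_alloc_size(h, &need) != 0)
        return -1;
    if (stream_len < need)          /* truncated input */
        return -1;
    uint8_t *buf = malloc(need);
    if (buf == NULL)
        return -1;

    size_t written = 0;
    for (uint32_t y = 0; y < h->height; y++) {
        for (uint32_t x = 0; x < h->width; x++) {
            size_t off = ((size_t)y * h->width + x) * h->prec_bytes;
            if (off > need - h->prec_bytes) {   /* cannot trigger after checked sizing */
                free(buf);
                return -1;
            }
            memcpy(buf + off, stream + off, h->prec_bytes);
            written += h->prec_bytes;
        }
    }
    *buf_out = buf;
    *buf_len = need;
    return (long)written;
}

/* Runs the hardened path on a constructed 4x3 image with 2-byte samples and
 * returns the number of bytes written (24), or -1 on any failure. */
long self_check(void)
{
    comp_hdr_t h = { 4, 3, 2 };
    uint8_t stream[24];                 /* constructed sample data */
    for (size_t i = 0; i < sizeof stream; i++)
        stream[i] = (uint8_t)i;
    uint8_t *buf = NULL;
    size_t len = 0;
    long n = decode_samples(&h, stream, sizeof stream, &buf, &len);
    if (n < 0)
        return -1;
    int ok = (len == 24) && (memcmp(buf, stream, 24) == 0);
    free(buf);
    return ok ? n : -1;
}

int main(void)
{
    comp_hdr_t h = { 4, 3, 2 };
    size_t need = 0;
    checked_alloc_size(&h, &need);
    printf("buggy size: %zu bytes, needed: %zu bytes, written: %ld\n",
           buggy_alloc_size(&h), need, self_check());
    return 0;
}
```

The point to take from the comparison is that the allocation size and the write loop must be derived from the same checked expression; when they are computed separately (here, sample count versus sample count times bytes per sample) the mismatch is exactly the kind of heap overflow the report describes, and a fuzzer with AddressSanitizer enabled will catch it on the first write past `need`.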
