jasper-2.0.8 Heap-Use-After-Free due to not setting related pointers to be null after free #105
Labels
Comments
|
This issue has been assigned CVE-2016-9591. |
|
This is a patch extracted from my report. The developer will need to confirm it. Thanks. |
|
This problem should now be fixed in commit 03fe49a. |
|
@twelveand0 could you make the poc public? thanks |
Hi, the attachments are now public. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Overview
I have found a heap-use-after-free vulnerability in jasper-2.0.8 (an open-source initiative to provide
a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1
standard) using AFL (http://lcamtuf.coredump.cx/afl/). The vulnerability exists in code responsible
for re-encoding the decoded input image file to a JP2 image. The vulnerability is caused by not
setting related pointers to be null after the pointers are freed (i.e. missing Setting-Pointer-Null
operations after free). The vulnerability can further cause double-free.
Analysis and PoC
The detail analysis report and PoC files can be found in the attachment. In order to avoid disclosing it before release of patch, I have encrypted the zip file. Developers can communicate with me to get the password.
report+poc.zip
PUBLIC
report_and_poc.zip
Author
name: Bingchang, Liu @ VARAS of IIE
email: l.bingchang.bc@gmail.com
org: IIE (http://iie.ac.cn)
Note
I have also reported this to RedHat Security Team.
The text was updated successfully, but these errors were encountered: