I have found a heap-use-after-free vulnerability in jasper-2.0.8 (an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard) using AFL (http://lcamtuf.coredump.cx/afl/). The vulnerability exists in the code responsible for re-encoding the decoded input image file to a JP2 image. The vulnerability is caused by not setting the related pointers to null after the pointers are freed (i.e. missing set-pointer-to-null operations after free). The vulnerability can further cause a double-free.
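An added illustration of the defect class described above (not code from jasper or from the reporter): a hypothetical image structure whose destroy routine clears the caller's pointer and is safe to call twice, so that a second cleanup path (for example an error exit inside re-encoding followed by the caller's own teardown) cannot become a use-after-free or double-free. The `image_t`, `reencode` and `g_frees` names are assumptions.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for an image with one pixel buffer per component. */
typedef struct { unsigned char *pixels; } cmpt_t;
typedef struct { cmpt_t *cmpts; int numcmpts; } image_t;

static int g_frees; /* counts component buffer frees: each must happen exactly once */

static void cmpt_destroy(cmpt_t *c) {
    if (c && c->pixels) {
        free(c->pixels);
        c->pixels = NULL; /* the missing step in the reported bug class */
        g_frees++;
    }
}

/* Hardened: takes image_t ** so it can null the caller's pointer; idempotent.
 * A plain image_destroy(img) that frees and returns leaves img dangling, and a
 * second cleanup path then reads and frees it again. */
static void image_destroy(image_t **pimg) {
    image_t *img = *pimg;
    if (!img) return;
    for (int i = 0; i < img->numcmpts; i++) cmpt_destroy(&img->cmpts[i]);
    free(img->cmpts);
    free(img);
    *pimg = NULL;
}

static image_t *image_create(int numcmpts, size_t npixels) {
    image_t *img = calloc(1, sizeof *img);
    if (!img) return NULL;
    img->cmpts = calloc((size_t)numcmpts, sizeof *img->cmpts);
    if (!img->cmpts) { free(img); return NULL; }
    img->numcmpts = numcmpts;
    for (int i = 0; i < numcmpts; i++) {
        img->cmpts[i].pixels = malloc(npixels);
        if (!img->cmpts[i].pixels) { image_destroy(&img); return NULL; }
    }
    return img;
}

/* Hypothetical re-encode step: on failure it tears the image down itself. */
static int reencode(image_t **pimg, int fail) {
    if (fail) { image_destroy(pimg); return -1; }
    return 0;
}

/* Driver: the caller always runs its own cleanup after reencode(). */
int run(int fail) {
    image_t *img = image_create(3, 16);
    if (!img) return -2;
    int rc = reencode(&img, fail);
    image_destroy(&img); /* safe on the failure path: img is already NULL */
    return rc;
}
```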
Analysis and PoC
The detailed analysis report and PoC files can be found in the attachment. In order to avoid disclosing it before the release of a patch, I have encrypted the zip file. Developers can communicate with me to get the password.
report+poc.zip
PUBLIC
report_and_poc.zip
Author
name: Bingchang, Liu @ VARAS of IIE
email: l.bingchang.bc@gmail.com
org: IIE (http://iie.ac.cn)
Note
I have also reported this to RedHat Security Team.