opj_decompress heap overflow Denial of Service issue #1413
Comments
payload.j2k contains dubious markers: [89]marker(0xff00)
winfried
Hi @rouault , openjpeg/src/lib/openjp2/ht_dec.c Line 1066 in 5292728
It should malloc flagssize * sizeof(opj_flag_t) Lines 1495 to 1496 in 5292728
Before this patch, this is the ASan report.
After the patch, ASan does not report any error.
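The allocation mistake described in the comment above (a count of flags passed to malloc as if it were a byte count), reduced to a self-contained illustration. This is an added example, not openjpeg's code; the element type `opj_flag_t` being 32 bits wide and the helper names are assumptions for illustration only.

```c
/* Added example, not openjpeg's code. The flags element type and the helper
 * names are assumptions made for illustration only. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

typedef uint32_t opj_flag_t;   /* assumed element type of the flags buffer */

/* Bytes required to hold `flagssize` flags. Returns 0 for a zero count or
 * when the multiplication would wrap; callers treat 0 as failure. */
size_t flags_bytes_needed(size_t flagssize)
{
    if (flagssize != 0 && flagssize > SIZE_MAX / sizeof(opj_flag_t))
        return 0;              /* count * sizeof would overflow size_t */
    return flagssize * sizeof(opj_flag_t);
}

/* Buggy pattern: the element count is used directly as the byte count, so a
 * buffer of `flagssize` flags gets only a quarter of the memory it needs. */
opj_flag_t *alloc_flags_buggy(size_t flagssize)
{
    return (opj_flag_t *)malloc(flagssize);
}

/* Fixed pattern: calloc multiplies count by element size itself, zero-fills,
 * and the explicit overflow check above rejects absurd counts up front. */
opj_flag_t *alloc_flags_fixed(size_t flagssize)
{
    if (flags_bytes_needed(flagssize) == 0)
        return NULL;
    return (opj_flag_t *)calloc(flagssize, sizeof(opj_flag_t));
}

/* How many bytes a full write of `flagssize` flags would run past a buffer of
 * `allocated` bytes; 0 when the buffer is big enough. This is the distance
 * ASan reports on a heap-buffer-overflow. */
size_t flags_overrun_bytes(size_t allocated, size_t flagssize)
{
    size_t needed = flags_bytes_needed(flagssize);
    return needed > allocated ? needed - allocated : 0;
}

int main(void)
{
    size_t flagssize = 64;    /* constructed sample count */
    printf("malloc(%zu) for %zu flags is short by %zu bytes\n", flagssize,
           flagssize, flags_overrun_bytes(flagssize, flagssize));
    opj_flag_t *f = alloc_flags_fixed(flagssize);
    if (f) { memset(f, 0, flags_bytes_needed(flagssize)); free(f); }
    return 0;
}
```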
Expected behavior and actual behavior.
This vulnerability is a heap overflow bug in openjpeg opj_decompress.
This vulnerability can cause a denial of service.
Steps to reproduce the problem.
The environment setting is as follows.
OS : ubuntu20.04
Build option : cmake .. -DCMAKE_BUILD_TYPE=Release (I follow build option in openjpeg Official github)
Download the latest version of openjpeg from git and build it as follows.
mkdir build
cd build
cmake .. -DCMAKE_BUILD_TYPE=Release
make
execute opj_decompress as follows
Double free will occur
payload url : https://www.notion.so/openjpeg-opj_decompress-double-free-bug-report-ddb096dc92274d6b8e305efc3f931ac8#53973c09200c45ed9c03d0e2a91da87d
screen shot : https://caramel-abacus-14e.notion.site/openjpeg-opj_decompress-double-free-bug-report-ddb096dc92274d6b8e305efc3f931ac8
call stack
openjpeg version
latest version