Closed
Description
Hi,
I have found a potential use-after-free in the opj_j2k_write_mco function of the j2k.c file.
At line 5562, l_current_data is set to p_j2k->m_specific_param.m_encoder.m_header_tile_data.
But at line 5567, p_j2k->m_specific_param.m_encoder.m_header_tile_data is used as an argument to realloc, and so can be freed.
But l_current_data is used later (lines 5597, 5582 ...), and so can point to a freed memory zone.
A simple fix should be to set l_current_data to p_j2k->m_specific_param.m_encoder.m_header_tile_data after line 5577.
The vulnerability was found by my static binary analyzer gueb (which will become open source soon).
Regards,
Feist Josselin
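
The pattern the report describes, reduced to a stand-alone C example that is added here and is not OpenJPEG code: an alias taken before a possible `realloc` next to the ordering the report proposes. The struct, its field names and the functions `grow`, `write_marker_stale`, `write_marker_fixed` and `fixed_demo` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for the encoder state (hypothetical field names). */
struct encoder {
    uint8_t *header_tile_data;
    size_t   header_tile_data_size;
};

/* Grow the header buffer if needed; on failure the old buffer stays owned by e. */
static int grow(struct encoder *e, size_t need)
{
    if (need <= e->header_tile_data_size) return 1;
    uint8_t *grown = realloc(e->header_tile_data, need);
    if (!grown) return 0;
    e->header_tile_data = grown;          /* the old block may now be freed */
    e->header_tile_data_size = need;
    return 1;
}

/* Reported ordering: alias captured BEFORE the resize, used after it. */
int write_marker_stale(struct encoder *e, size_t need)
{
    uint8_t *cur = e->header_tile_data;   /* taken too early */
    if (!grow(e, need)) return 0;
    memset(cur, 0x77, need);              /* dangling if realloc moved the block */
    return 1;
}

/* Proposed ordering: alias taken AFTER the resize, so it is always live. */
int write_marker_fixed(struct encoder *e, size_t need)
{
    if (!grow(e, need)) return 0;
    uint8_t *cur = e->header_tile_data;
    memset(cur, 0x77, need);
    return 1;
}

/* Constructed check: grow a 16-byte buffer to 1 MiB through the fixed path. */
int fixed_demo(void)
{
    size_t n = (size_t)1 << 20;
    struct encoder e = { malloc(16), 16 };
    if (!e.header_tile_data) return 0;
    int ok = write_marker_fixed(&e, n) && e.header_tile_data_size == n
          && e.header_tile_data[0] == 0x77 && e.header_tile_data[n - 1] == 0x77;
    free(e.header_tile_data);
    return ok;
}
```

`write_marker_stale` is deliberately left uncalled; in a build with `-fsanitize=address`, calling it with a size larger than the current buffer is reported as a heap use-after-free whenever `realloc` moves the block.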