Skip to content

Use-after-free in opj_j2k_write_mco #563

Closed
@montyly

Description

@montyly

Hi,

I have found a potential use-after-free in opj_j2k_write_mco function, of the j2k.c file.

At line 5562, l_current_data is set to p_j2k->m_specific_param.m_encoder.m_header_tile_data.
But at line 5567, p_j2k->m_specific_param.m_encoder.m_header_tile_data is used as arg of realloc, and so can be freed.

But l_current_data is used later (line 5597, 5582 ...), and so can point to a freed memory zone

A simple fixed, should be to affect l_current_data to p_j2k->m_specific_param.m_encoder.m_header_tile_data after the line 5577

The vulnerability was found by my static binary analyzer gueb (that will become open-source soon)

Regards,
Feist Josselin

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions