[CVE-2016-9118] Heap Buffer Overflow in function pnmtoimage of convert.c #861
OpenJPEG Heap Buffer Overflow in function pnmtoimage of convert.c:1719
Ubuntu(16.04) + OpenJPEG(2.1.2)
Address Sanitizer Output
==9282==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb57007f4 at pc 0x08146481 bp 0xbffe8268 sp 0xbffe825c
0xb57007f4 is located 0 bytes to the right of 4-byte region [0xb57007f0,0xb57007f4)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/opj_compress+0x8146480)
Program received signal SIGSEGV, Segmentation fault.
Contact me at YangX92@hotmail.com if you need the PoC file.
It does. Yes extending it is good practice, although sometimes a bit tricky to be relevant when using fuzzed files that might be rejected for other reasons by later fixes. So ideally files should exhibit one single defect and be conformant/usual for the rest.