Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Denial of service (crash) when decoding an illegal JPEG2000 image file v2.1.2 (2017-03) #879

Closed
PeteACoordinator opened this issue Jan 4, 2017 · 1 comment
Closed

Denial of service (crash) when decoding an illegal JPEG2000 image file v2.1.2 (2017-03) #879

PeteACoordinator opened this issue Jan 4, 2017 · 1 comment
Labels
bug

Comments

@PeteACoordinator
Copy link

Summary of the issue:
The opj_dump and opj_decompress utilities crash (segmentation fault) when parsing an illegal JPEG2000 image file. Any program which uses the OpenJPEG library will also crash when parsing such specially-crafted inputs.
Explanation:
The attached poc1.zip (password: infected) contains the specially crafted image file poc1.j2k which causes this issue. Example:
$ ./opj_dump -i poc1.j2k
poc1.zip
vulnerability-disclosure-openjpeg.docx
@szukw000 szukw000 mentioned this issue Jan 5, 2017
Closed
@rouault
Copy link
Collaborator

rouault commented Jul 29, 2017

probably fixed per 16aeb92

@rouault rouault closed this as completed Jul 29, 2017
@detonin detonin added the bug label Aug 3, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@detonin @rouault @PeteACoordinator