Heap Buffer Overflow in function imagetotga of convert.c(jp2):942 #858
Comments
|
Please, refer to this issue as CVE-2016-9115 |
|
@Young-X Please verify if that occurs still with latest master. If so, please attach the reproducer to the ticket |
|
@Young-X can you please provide the reproducer? |
|
There is no crash with latest version and PoC that triggered #858. |
|
Hi
On Tue, Oct 24, 2017 at 01:27:23AM +0000, Young-X wrote:
There is no crash with latest version and PoC that triggered #858.
Sorry for replying late.
Thanks for confirming.
Can you please still provide the reproducer?
|
This was referenced May 19, 2025
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
DESCRIPTION
OPENJPEG Heap Buffer Overflow in function imagetotga of convert.c(jp2):942.
VERSION
OPENJPEG-2.1.2
Address Sanitizer Output
==5085==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb4a01754 at pc 0x08141b20 bp 0xbfcb8de8 sp 0xbfcb8ddc
READ of size 4 at 0xb4a01754 thread T0
#0 0x8141b1f (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/opj_decompress+0x8141b1f)
#1 0x813731a (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/opj_decompress+0x813731a)
#2 0xb7448636 (/lib/i386-linux-gnu/libc.so.6+0x18636)
#3 0x805f327 (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/opj_decompress+0x805f327)
0xb4a01754 is located 12 bytes to the left of 52-byte region [0xb4a01760,0xb4a01794)
allocated by thread T0 here:
#0 0x81037f4 (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/opj_decompress+0x81037f4)
#1 0xb7731e0c (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/libopenjp2.so.7+0x99e0c)
#2 0xb772525f (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/libopenjp2.so.7+0x8d25f)
#3 0xb76cb12a (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/libopenjp2.so.7+0x3312a)
#4 0xb76b853a (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/libopenjp2.so.7+0x2053a)
#5 0xb76b8064 (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/libopenjp2.so.7+0x20064)
#6 0xb76faa66 (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/libopenjp2.so.7+0x62a66)
#7 0x8136785 (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/opj_decompress+0x8136785)
#8 0xb7448636 (/lib/i386-linux-gnu/libc.so.6+0x18636)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/opj_decompress+0x8141b1f)
Shadow bytes around the buggy address:
0x36940290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x369402a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x369402b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x369402c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x369402d0: fa fa fa fa 00 00 00 00 00 00 04 fa fa fa fa fa
=>0x369402e0: 00 00 00 00 00 00 04 fa fa fa[fa]fa 00 00 00 00
0x369402f0: 00 00 04 fa fa fa fa fa 00 00 00 00 00 00 04 fa
0x36940300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36940310: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36940320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36940330: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Analysis
come soon
Poc
Contact me if you need Poc file at [email protected]
The text was updated successfully, but these errors were encountered: