You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I found a heap buffer overflow vulnerability in the current master branch (release version 2.0.24)
poc file : hoob_8.zip
ASAN report
appl git:(master) ✗ ./jasper --input ../../../hoob_8 --output test.jp2
warning: not enough tile data (25 bytes)
warning: bad segmentation symbol
warning: bad segmentation symbol
warning: bad segmentation symbol
warning: bad segmentation symbol
warning: component data type mismatch
=================================================================
==66520==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000002f8 at pc 0x7f641ad754be bp 0x7fffbeaa2a50 sp 0x7fffbeaa2a48
READ of size 8 at 0x6020000002f8 thread T0
#0 0x7f641ad754bd in jp2_decode /home/kaka/fuzz/jasper/jasper/src/libjasper/jp2/jp2_dec.c:434:4
#1 0x7f641ad60188 in jas_image_decode /home/kaka/fuzz/jasper/jasper/src/libjasper/base/jas_image.c:436:16
#2 0x4f8d08 in main /home/kaka/fuzz/jasper/jasper/src/appl/jasper.c:235:16
#3 0x7f6419bde83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/../csu/libc-start.c:291
#4 0x41b658 in _start (/home/kaka/fuzz/jasper/jasper/fuzz/src/appl/jasper+0x41b658)
0x6020000002f8 is located 0 bytes to the right of 8-byte region [0x6020000002f0,0x6020000002f8)
allocated by thread T0 here:
#0 0x4c7613 in malloc (/home/kaka/fuzz/jasper/jasper/fuzz/src/appl/jasper+0x4c7613)
#1 0x7f641ad668c8 in jas_malloc /home/kaka/fuzz/jasper/jasper/src/libjasper/base/jas_malloc.c:238:11
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/kaka/fuzz/jasper/jasper/src/libjasper/jp2/jp2_dec.c:434:4 in jp2_decode
Shadow bytes around the buggy address:
0x0c047fff8000: fa fa 04 fa fa fa 04 fa fa fa 04 fa fa fa 04 fa
0x0c047fff8010: fa fa 04 fa fa fa 04 fa fa fa 04 fa fa fa 04 fa
0x0c047fff8020: fa fa 04 fa fa fa 04 fa fa fa 04 fa fa fa 04 fa
0x0c047fff8030: fa fa 04 fa fa fa 04 fa fa fa 04 fa fa fa 04 fa
0x0c047fff8040: fa fa 04 fa fa fa 04 fa fa fa 03 fa fa fa fd fa
=>0x0c047fff8050: fa fa fd fa fa fa fd fa fa fa fd fd fa fa 00[fa]
0x0c047fff8060: fa fa 00 04 fa fa fd fd fa fa fd fd fa fa fd fd
0x0c047fff8070: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fa
0x0c047fff8080: fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8090: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fa fa
0x0c047fff80a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==66520==ABORTING
CVE-2021-3272 has assigned for the issue
Found by luo likang of NSFOCUS Security Team
The text was updated successfully, but these errors were encountered:
I found a heap buffer overflow vulnerability in the current master branch (release version 2.0.24)
poc file : hoob_8.zip
ASAN report
CVE-2021-3272 has assigned for the issue
Found by luo likang of NSFOCUS Security Team
The text was updated successfully, but these errors were encountered: