Malicious files can cause the program to enter a large loop

[pic4xiu]

Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

Expected behavior and actual behavior.

Program file format error, parsing failed~

But the program enters a big loop and keeps printing in the terminal:

...
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
...

I tested it with ubuntu, and the program ran for more than 4 hours.

Steps to reproduce the problem.

the poc is here

Run: opj_decompress -i bigloop -o te.raw

Maybe the memory must be at least greater than 8g to ensure successful reproduction.

Operating system

Ubuntu, macos, windows are all available

openjpeg version

OpenJPEG 2.5.0

[pedrohc]

CVE-2023-39327 was assigned to this flaw. If you wish to dispute or reject please let me know.

[fundawang]

could anyone confirm that this issue was fixed by pull#1547?

[jubalh]

@fundawang the POC is mentioned above. Just run it and report back.

[mayeut]

The pull request confirms that it's not fixed in its description. A slight modification of the PoC allows to trigger the behavior.

[tariqmchoudhry]

Does anyone has a work around or a fix ready for this issues?