Use-after-free in opj_j2k_write_mco #563
Still no release for this fairly important issue? I would suggest bumping outstanding 2.1.1 issues to 2.1.2 and releasing 2.1.1 now. Also, if you don't have a CVE yet—I haven't seen a reply to Josselin Feist's request on the oss-sec mailing list—you should contact either Kurt Seifried (kseifried@redhat.com) or MITRE (cve-assign@mitre.org) directly to ask for one.
Hi,
I have found a potential use-after-free in the opj_j2k_write_mco function of the j2k.c file.
At line 5562, l_current_data is set to p_j2k->m_specific_param.m_encoder.m_header_tile_data.
But at line 5567, p_j2k->m_specific_param.m_encoder.m_header_tile_data is used as an argument to realloc, and so can be freed.
But l_current_data is used later (lines 5597, 5582 ...), and so can point to a freed memory zone.
A simple fix should be to assign l_current_data to p_j2k->m_specific_param.m_encoder.m_header_tile_data after line 5577.
The vulnerability was found by my static binary analyzer gueb (that will become open-source soon).
Regards,
Feist Josselin
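
The ordering problem described in the report, as a stand-alone C example added here (not OpenJPEG code; `struct encoder`, `write_record` and `demo` are hypothetical names standing in for the encoder state and `opj_j2k_write_mco`). The working pointer is read from the live field only after `realloc` has run; the allocation-failure handling is an assumption of this example, not something the report covers.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the encoder state named in the report. */
struct encoder {
    unsigned char *header_data;   /* plays the role of m_header_tile_data */
    size_t header_size;
};

/* Buggy ordering as described in the report, shown for contrast only:
 *
 *     unsigned char *cur = enc->header_data;        // cached before realloc
 *     enc->header_data = realloc(enc->header_data, len);
 *     memcpy(cur, rec, len);                        // cur may now be freed
 */

/* Fixed ordering: grow first, then take the pointer from the live field.
 * Returns 0 on success, -1 if realloc fails (old buffer stays valid). */
int write_record(struct encoder *enc, const unsigned char *rec, size_t len)
{
    if (len > enc->header_size) {
        unsigned char *grown = realloc(enc->header_data, len);
        if (grown == NULL)
            return -1;            /* enc->header_data untouched, nothing leaked */
        enc->header_data = grown;
        enc->header_size = len;
    }

    unsigned char *cur = enc->header_data;   /* read AFTER the possible realloc */
    memcpy(cur, rec, len);
    return 0;
}

/* Constructed scenario: a 4-byte buffer must grow to hold a 4096-byte record. */
int demo(void)
{
    struct encoder enc = { malloc(4), 4 };
    unsigned char rec[4096];
    int ok;

    if (enc.header_data == NULL)
        return 0;
    memset(rec, 0xA5, sizeof rec);
    ok = write_record(&enc, rec, sizeof rec) == 0
         && enc.header_size == sizeof rec
         && memcmp(enc.header_data, rec, sizeof rec) == 0;
    free(enc.header_data);
    return ok;   /* 1 when the record landed intact in the live buffer */
}
```

Building a variant with the buggy ordering under AddressSanitizer (`-fsanitize=address`) reports the stale write as a heap-use-after-free whenever `realloc` moves the block.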