Date: Sun, 18 Sep 2016 20:41:43 +0800
From: <>
Subject: CVE request - openjpeg null ptr dereference

# Vulnerability
openjpeg null ptr dereference in convert.c:1331

# Version
2.1.1  ( )

# Address Sanitizer Output
==7358==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000 (pc
0x0815d204 bp 0xff846938 sp 0xff846380 T0)
    #0 0x815d203 in skip_white
    #1 0x8135d81 in main
    #2 0xf7343636 in __libc_start_main ??:?
    #3 0x807a31b in _start ??:?

# PoC
See poc.ppm

# Analysis
In convert.c:1483 and convert.c:1485, the variable s is unchecked after
skip_int is called.
A null ptr will be passed to skip_int again and will cause a null ptr

# Report Timeline
2016-09-16: FB3F15 of STARLAB discovered this issue
2016-09-18: Patch released

# Credit

# PoC

# External link
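
Added example, not part of the original report and not OpenJPEG's code: a minimal C sketch of the checked form of the pattern in the Analysis section, where each skip_int result is tested before it is passed on. The function names skip_white and skip_int come from the report; parse_dims, the "width height" line layout and the sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* First non-blank character on the current line, or NULL if the line or
 * buffer ends first. A NULL argument is tolerated and propagated. */
static const char *skip_white(const char *s)
{
    if (s == NULL) return NULL;
    for (; *s; ++s) {
        if (*s == '\n' || *s == '\r') return NULL;
        if (!isspace((unsigned char)*s)) return s;
    }
    return NULL;
}

/* Parse one non-negative decimal field. Returns the position just past it,
 * or NULL when no in-range number is present. */
static const char *skip_int(const char *start, int *out_n)
{
    const char *s = skip_white(start);
    char *end;
    long v;
    *out_n = 0;
    if (s == NULL || !isdigit((unsigned char)*s)) return NULL;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || v > INT_MAX) return NULL;
    *out_n = (int)v;
    return end;
}

/* Hypothetical caller for a "width height" line. The report's crash pattern
 * is chaining skip_int(s, ...) without testing s; here each result is checked. */
int parse_dims(const char *line, int *w, int *h)
{
    const char *s = skip_int(line, w);
    if (s == NULL) return -1;
    s = skip_int(s, h);
    if (s == NULL) return -1;
    return (*w > 0 && *h > 0) ? 0 : -1;
}

int main(void)
{
    int w, h; /* constructed input: height field missing */
    return parse_dims("640\n", &w, &h) == -1 ? 0 : 1;
}
```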
