Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 5 Mar 2017 21:16:22 -0500
From: Anthony Sasadeusz <>
Subject: CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c)

admin@...172-31-13-10:~/jasper/build-asan/src/appl$ ./jasper --input
--output /dev/null --output-format jp2
==16088==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
(pc 0x7f45f3104fe6 sp 0x7ffcd24052c0 bp 0x7ffcd24063d0 T0)
    #0 0x7f45f3104fe5 in jp2_encode
    #1 0x7f45f30de187 in jas_image_encode
    #2 0x402494 in main /home/admin/jasper/src/appl/jasper.c:277
    #3 0x7f45f2a1eb44 in __libc_start_main
    #4 0x401908 (/home/admin/jasper/build-asan/src/appl/jasper+0x401908)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119 jp2_encode

This also happens on the latest master branch.
The repo:

Crashing inputs found with afl:

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ