Date: Sun, 5 Mar 2017 21:16:22 -0500
From: Anthony Sasadeusz <sasadeu1@...c.edu>
To: oss-security@...ts.openwall.com
Subject: CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c)

admin@...172-31-13-10:~/jasper/build-asan/src/appl$ ./jasper --input ../../../build-afl/src/appl/findings/crashes/id\:000000\,sig\:11\,src\:000002\,op\:havoc\,rep\:16 --output /dev/null --output-format jp2
ASAN:SIGSEGV
=================================================================
==16088==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f45f3104fe6 sp 0x7ffcd24052c0 bp 0x7ffcd24063d0 T0)
    #0 0x7f45f3104fe5 in jp2_encode /home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119
    #1 0x7f45f30de187 in jas_image_encode /home/admin/jasper/src/libjasper/base/jas_image.c:471
    #2 0x402494 in main /home/admin/jasper/src/appl/jasper.c:277
    #3 0x7f45f2a1eb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #4 0x401908 (/home/admin/jasper/build-asan/src/appl/jasper+0x401908)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119 jp2_encode
==16088==ABORTING


This also happens on the latest master branch.
The repo: https://github.com/mdadams/jasper

Crashing inputs found with afl:
https://github.com/nullsector/jasper-fuzz/tree/master/testcases/crashes
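As an added example, not part of the post and not JasPer project code, the following Python parses an AddressSanitizer report of the kind quoted above into a stable crash signature, so that a directory of afl-produced crashes can be deduplicated before filing, and flags a SEGV on a first-page address as a likely NULL pointer dereference. The embedded report is a constructed copy modelled on the one in the post; the function names, the signature format and the 0x1000 "first page" threshold are my own choices, not anything from the list or the project.

```python
import os
import re

# Constructed sample, modelled on the AddressSanitizer report quoted in the post
# (rewrapped onto the single lines ASAN actually prints).
SAMPLE_REPORT = """\
ASAN:SIGSEGV
=================================================================
==16088==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f45f3104fe6 sp 0x7ffcd24052c0 bp 0x7ffcd24063d0 T0)
    #0 0x7f45f3104fe5 in jp2_encode /home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119
    #1 0x7f45f30de187 in jas_image_encode /home/admin/jasper/src/libjasper/base/jas_image.c:471
    #2 0x402494 in main /home/admin/jasper/src/appl/jasper.c:277
    #3 0x7f45f2a1eb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #4 0x401908 (/home/admin/jasper/build-asan/src/appl/jasper+0x401908)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119 jp2_encode
==16088==ABORTING
"""

# "==<pid>==ERROR: AddressSanitizer: <kind> on [unknown] address 0x..."
ERROR_RE = re.compile(
    r"==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+)"
    r"(?: on (?:unknown )?address (?P<addr>0x[0-9a-fA-F]+))?"
)
# "#<n> 0x<pc> in <func> <file:line>"  or  "#<n> 0x<pc> (<module>+<offset>)"
FRAME_RE = re.compile(
    r"^\s*#(?P<idx>\d+) 0x[0-9a-fA-F]+(?: in (?P<func>\S+))?(?: (?P<loc>\S+))?",
    re.MULTILINE,
)
SOURCE_LOC_RE = re.compile(r":\d+$")  # location ends in ":<line>", i.e. has debug info


def parse_asan_report(text):
    """Return pid, error kind, faulting address (int or None) and the stack frames."""
    m = ERROR_RE.search(text)
    if m is None:
        raise ValueError("no AddressSanitizer ERROR line found")
    frames = [
        {"idx": int(f.group("idx")), "func": f.group("func"), "loc": f.group("loc")}
        for f in FRAME_RE.finditer(text)
    ]
    return {
        "pid": int(m.group("pid")),
        "kind": m.group("kind"),
        "address": int(m.group("addr"), 16) if m.group("addr") else None,
        "frames": frames,
    }


def likely_null_deref(report, page_size=0x1000):
    """Triage heuristic (my assumption): a SEGV inside the first page is almost
    always a NULL (or NULL-plus-small-offset) dereference, not a wild pointer."""
    addr = report["address"]
    return report["kind"] == "SEGV" and addr is not None and addr < page_size


def crash_signature(report, depth=3):
    """Error kind plus the first `depth` frames that carry source locations.
    libc frames and bare module offsets are skipped so the key stays stable
    across ASLR and libc versions."""
    parts = [report["kind"]]
    for f in report["frames"]:
        if f["func"] is None or f["loc"] is None or not SOURCE_LOC_RE.search(f["loc"]):
            continue
        parts.append(f"{f['func']}@{os.path.basename(f['loc'])}")
        if len(parts) > depth:
            break
    return "|".join(parts)


def group_by_signature(report_texts):
    """Count how many raw reports collapse onto each signature (dedup step)."""
    counts = {}
    for text in report_texts:
        sig = crash_signature(parse_asan_report(text))
        counts[sig] = counts.get(sig, 0) + 1
    return counts


if __name__ == "__main__":
    r = parse_asan_report(SAMPLE_REPORT)
    print(crash_signature(r), "likely NULL deref:", likely_null_deref(r))
```

Run `./jasper` under ASAN once per crash file, capture stderr, and feed the texts to `group_by_signature`; afl's havoc stage typically produces many inputs that all land on the same top frames, and only one report per signature needs to go into a bug report.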
