Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 5 Mar 2017 21:16:22 -0500
From: Anthony Sasadeusz <sasadeu1@...c.edu>
To: oss-security@...ts.openwall.com
Subject: CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c)

admin@...172-31-13-10:~/jasper/build-asan/src/appl$ ./jasper --input
../../../build-afl/src/appl/findings/crashes/id\:000000\,sig\:11\,src\:000002\,op\:havoc\,rep\:16
--output /dev/null --output-format jp2
ASAN:SIGSEGV
=================================================================
==16088==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
(pc 0x7f45f3104fe6 sp 0x7ffcd24052c0 bp 0x7ffcd24063d0 T0)
    #0 0x7f45f3104fe5 in jp2_encode
/home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119
    #1 0x7f45f30de187 in jas_image_encode
/home/admin/jasper/src/libjasper/base/jas_image.c:471
    #2 0x402494 in main /home/admin/jasper/src/appl/jasper.c:277
    #3 0x7f45f2a1eb44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #4 0x401908 (/home/admin/jasper/build-asan/src/appl/jasper+0x401908)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119 jp2_encode
==16088==ABORTING


This also happens on the latest master branch.
The repo: https://github.com/mdadams/jasper

Crashing inputs found with afl:
https://github.com/nullsector/jasper-fuzz/tree/master/testcases/crashes

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.