Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 6 Mar 2017 09:06:00 +0100
From: Emilio Pozuelo Monfort <pochu27@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-Request JasPer 2.0.12 NULL Pointer Dereference
 jp2_encode (jp2_enc.c)

On 06/03/17 03:16, Anthony Sasadeusz wrote:
> admin@...172-31-13-10:~/jasper/build-asan/src/appl$ ./jasper --input
> ../../../build-afl/src/appl/findings/crashes/id\:000000\,sig\:11\,src\:000002\,op\:havoc\,rep\:16
> --output /dev/null --output-format jp2
> ASAN:SIGSEGV
> =================================================================
> ==16088==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
> (pc 0x7f45f3104fe6 sp 0x7ffcd24052c0 bp 0x7ffcd24063d0 T0)
>     #0 0x7f45f3104fe5 in jp2_encode
> /home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119
>     #1 0x7f45f30de187 in jas_image_encode
> /home/admin/jasper/src/libjasper/base/jas_image.c:471
>     #2 0x402494 in main /home/admin/jasper/src/appl/jasper.c:277
>     #3 0x7f45f2a1eb44 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
>     #4 0x401908 (/home/admin/jasper/build-asan/src/appl/jasper+0x401908)
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV
> /home/admin/jasper/src/libjasper/jp2/jp2_enc.c:119 jp2_encode
> ==16088==ABORTING
> 
> 
> This also happens on the latest master branch.
> The repo: https://github.com/mdadams/jasper
> 
> Crashing inputs found with afl:
> https://github.com/nullsector/jasper-fuzz/tree/master/testcases/crashes

You should request CVEs at http://cveform.mitre.org/ these days.

Also it'd be good if you opened an upstream bug report about this.

Cheers,
Emilio

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ