Out-of-bound left shift in opj_j2k_setup_encoder (src/lib/openjp2/j2k.c) #1057
Comments
This was assigned CVE-2018-5785
The underlying issue is actually in I'll investigate further and PR a patch.
Just submitted a PR addressing this issue.
Hello. I would like to tell you about CVE-2018-5785 addressed in this issue. I found this vulnerability in version 2.1.2, and I also confirmed that integer overflow occurs in that version. We would appreciate it if you confirm the information and reflect it.
(This problem was discovered with UBSAN enabled)
On the latest version (2.3) and the master branch of openjpeg, there is an integer overflow caused by an out-of-bound left shift in the opj_j2k_setup_encoder function (src/lib/openjp2/j2k.c), which could cause denial of service via a crafted bmp file.
src/lib/openjp2/j2k.c:7304:48: runtime error: shift exponent 4294967295 is too large for 32-bit type 'int'
To reproduce this issue, run: bin/opj_compress -n 1 -i $POC -o OUTPUT
The POC could be downloaded at: https://github.com/ProbeFuzzer/poc/blob/master/openjpeg/openjpeg_2-3_opj_compress_integer-overflow_opj_j2k_setup_encoder.bmp
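The following is an added example, not part of the original report and not OpenJPEG code. It shows how a shift exponent of 4294967295 arises and how a range check before the shift rejects it. It assumes the shifted expression has the shape `1 << (prec - 1)` with an unsigned 32-bit `prec`; the names `struct comp`, `raw_exponent`, `checked_half_range` and `first_bad_component` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a per-component header field; not OpenJPEG's struct. */
struct comp { uint32_t prec; };

/* Exponent an unchecked "1 << (prec - 1)" would use (assumed expression shape).
   Unsigned arithmetic wraps, so prec == 0 gives 4294967295, the value UBSAN reported. */
static uint32_t raw_exponent(uint32_t prec) { return prec - 1u; }

/* Computes 1 << (prec - 1) only when the result is defined for a 32-bit int. */
static bool checked_half_range(uint32_t prec, int32_t *out)
{
    if (prec == 0 || prec > 31)   /* exponent must stay in 0..30 */
        return false;
    *out = (int32_t)(1u << (prec - 1u));
    return true;
}

/* Returns the index of the first component with an unusable precision, or -1. */
static int first_bad_component(const struct comp *c, size_t n)
{
    int32_t tmp;
    for (size_t i = 0; i < n; i++)
        if (!checked_half_range(c[i].prec, &tmp))
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed sample values, not taken from the PoC file. */
    struct comp comps[] = { {8}, {0}, {12} };
    int bad = first_bad_component(comps, 3);
    printf("raw exponent for prec=0: %u\n", (unsigned)raw_exponent(0));
    printf("first bad component: %d\n", bad);
    return bad == 1 ? 0 : 1;
}
```

Validating decoded header fields such as precision at the point where the input file is parsed keeps every later consumer of the value, the encoder setup included, from seeing an out-of-range exponent.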