[CVE-2016-10505] Null Pointer Access in function imagetopnm of convert.c #776

@trylab

Title

OpenJPEG Null Pointer Access in function imagetopnm of convert.c

Testing Environment

Ubuntu + OpenJPEG (GitHub master, 2016/05/06)

Exception Information

==22059== ERROR: AddressSanitizer: SEGV on unknown address 0x00000000 
    (pc 0x0805f813 sp 0xbfd3b8a0 bp 0xbfd3b958 T0)
AddressSanitizer can not provide additional info.
    #0 0x805f812 in imagetopnm /home/trylab/Desktop/repo/openjpeg/src/bin/jp2/convert.c:1974
    #1 0x805279a in main /home/trylab/Desktop/repo/openjpeg/src/bin/jp2/opj_decompress.c:1467
    #2 0xb5e96a82 (/lib/i386-linux-gnu/libc.so.6+0x19a82)
    #3 0x804a150 in _start (/home/trylab/Desktop/repo/openjpeg/bin/opj_decompress+0x804a150)
SUMMARY: AddressSanitizer: SEGV /home/trylab/Desktop/repo/openjpeg/src/bin/jp2/convert.c:1974 imagetopnm
==22059== ABORTING

PoC

https://raw.githubusercontent.com/trylab/PoCs/master/openjpeg/SIGSEGV_Null-Pointer-Access_imagetopnm/poc.j2k

Credit

Ke Liu of Tencent's Xuanwu LAB
