oss-sec mailing list archives
Re: Fuzzing jasper
From: Agostino Sarubbo <ago () gentoo org>
Date: Sun, 16 Oct 2016 12:41:15 +0200
Hello all,
I would like to inform people that jasper development has been alive on GitHub for a few days; I filed the bugs and some were fixed.
Below are the links to my blog posts for each issue, which contain the commit fix and/or the status.

On Tuesday 23 August 2016 20:40:27 Agostino Sarubbo wrote:
Hello all,
I fuzzed jasper and it revealed some crashes. We know that jasper has had no release(s) for a long time, so there are some unfixed vulnerabilities. Based on what I said, I don't know if any of the following crashes have been reported in the past. I know that Jasper clearly states its capabilities on the BMP format, so if you think that something is suitable for an identifier, please assign one. Thanks.
NOTE: The command used in all cases was: imginfo $CRAFTED_IMAGE
SUMMARY: AddressSanitizer: SEGV /tmp/portage/media-libs/jasper-1.900.1-r9/work/jasper-1.900.1/src/libjasper/bmp/bmp_dec.c:383:5 in bmp_getdata
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
SUMMARY: AddressSanitizer: SEGV /tmp/portage/media-libs/jasper-1.900.1-r9/work/jasper-1.900.1/src/libjasper/bmp/bmp_dec.c:385:5 in bmp_getdata
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
SUMMARY: AddressSanitizer: FPE /tmp/portage/media-libs/jasper-1.900.1-r9/work/jasper-1.900.1/src/libjasper/jpc/jpc_dec.c:1195:17 in jpc_dec_process_siz
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
SUMMARY: AddressSanitizer: FPE /tmp/portage/media-libs/jasper-1.900.1-r9/work/jasper-1.900.1/src/libjasper/jpc/jpc_dec.c:1197:18 in jpc_dec_process_siz
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
SUMMARY: AddressSanitizer: double-free /var/tmp/temp/portage/sys-devel/llvm-3.8.0-r2/work/llvm-3.8.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:38 in free
https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/

SUMMARY:
The two SEGV are patched and they aren't in any release.
The two FPE are patched and they are in 1.900.4.
The double-free is unfixed.

--
Agostino Sarubbo
Gentoo Linux Developer
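Editor's added example, not code from jasper or from this thread. The two FPE reports above land in jpc_dec_process_siz, which derives per-component dimensions from the codestream's SIZ marker segment. In that computation the per-component sub-sampling factors XRsiz/YRsiz are divisors read directly from the file; that a zero there is what trips the FPE is my assumption from the marker layout in ITU-T T.800, not something the message states. The parser below (a hypothetical minimal one, function name `parse_siz` and the two byte strings are mine and constructed) shows where the range check has to sit: before the first division, not after.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Dimensions of one codestream component, derived from the SIZ segment. */
typedef struct { uint32_t width, height; } comp_dims;

static uint32_t rd16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* ceil(a / b) without the "a + b - 1" overflow; caller guarantees b != 0. */
static uint32_t ceildiv(uint32_t a, uint32_t b) { return a / b + (a % b != 0); }

/*
 * Parse the body of a SIZ marker segment (the bytes after the 0xFF51 marker,
 * starting with Lsiz) and fill out[] with per-component sizes. Returns the
 * component count, or -1 if the segment is malformed.
 *
 * Layout (ITU-T T.800, Table A.9): Lsiz(2) Rsiz(2) Xsiz(4) Ysiz(4) XOsiz(4)
 * YOsiz(4) XTsiz(4) YTsiz(4) XTOsiz(4) YTOsiz(4) Csiz(2), then per component
 * Ssiz(1) XRsiz(1) YRsiz(1). XRsiz/YRsiz are the divisors used below.
 */
int parse_siz(const uint8_t *seg, size_t len, comp_dims *out, size_t max_comps)
{
    if (len < 38)
        return -1;
    uint32_t lsiz = rd16(seg);
    if (lsiz < 38 || lsiz > len)
        return -1;
    uint32_t xsiz  = rd32(seg + 4),  ysiz  = rd32(seg + 8);
    uint32_t xosiz = rd32(seg + 12), yosiz = rd32(seg + 16);
    /* Tile fields at +20..+35 are not needed for component dimensions. */
    uint32_t csiz = rd16(seg + 36);
    if (csiz == 0 || csiz > 16384 || csiz > max_comps)
        return -1;
    if (lsiz != 38 + 3 * csiz)
        return -1;
    if (xosiz >= xsiz || yosiz >= ysiz)   /* origin must lie inside the grid */
        return -1;

    for (uint32_t i = 0; i < csiz; i++) {
        const uint8_t *c = seg + 38 + 3 * i;
        uint32_t xrsiz = c[1], yrsiz = c[2];
        /* T.800 allows 1..255 here. Rejecting 0 before the division is the
         * whole difference between "invalid file" and SIGFPE. */
        if (xrsiz == 0 || yrsiz == 0)
            return -1;
        out[i].width  = ceildiv(xsiz, xrsiz) - ceildiv(xosiz, xrsiz);
        out[i].height = ceildiv(ysiz, yrsiz) - ceildiv(yosiz, yrsiz);
    }
    return (int)csiz;
}

/* Constructed sample (not from any real file): a 64x48 image, 3 components,
 * the second subsampled 2x2 and the third 2x1. Lsiz = 38 + 3*3 = 47. */
static const uint8_t siz_good[] = {
    0x00, 0x2F, 0x00, 0x00,                          /* Lsiz, Rsiz        */
    0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x30,  /* Xsiz=64, Ysiz=48  */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* XOsiz, YOsiz      */
    0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x30,  /* XTsiz, YTsiz      */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* XTOsiz, YTOsiz    */
    0x00, 0x03,                                      /* Csiz = 3          */
    0x07, 0x01, 0x01, 0x07, 0x02, 0x02, 0x07, 0x02, 0x01,
};

/* Same segment with component 1's XRsiz flipped to 0: the kind of one-byte
 * mutation a fuzzer produces. An unchecked parser divides by it. */
static const uint8_t siz_bad[] = {
    0x00, 0x2F, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x30,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x30,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x03,
    0x07, 0x01, 0x01, 0x07, 0x00, 0x02, 0x07, 0x02, 0x01,  /* XRsiz = 0 */
};

int main(void)
{
    comp_dims d[16];
    int n = parse_siz(siz_good, sizeof siz_good, d, 16);
    for (int i = 0; i < n; i++)
        printf("comp %d: %ux%u\n", i, (unsigned)d[i].width, (unsigned)d[i].height);
    printf("zeroed XRsiz -> %d\n", parse_siz(siz_bad, sizeof siz_bad, d, 16));
    return 0;
}
```

The same shape applies to the other field-derived divisors and strides a decoder computes from headers (BMP widths, tile sizes): validate the range the format specifies at parse time, then treat the value as trusted downstream, rather than guarding each arithmetic site.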