oss-sec mailing list archives

Re: Re: Fuzzing jasper


From: Hanno Böck <hanno () hboeck de>
Date: Mon, 17 Oct 2016 01:02:45 +0200

Hi,

On Sun, 16 Oct 2016 10:23:43 +0000
Graham Christensen <graham () grahamc com> wrote:

> For what it is worth, Jasper has recently issued a release fixing many
> CVEs, and would likely appreciate these fuzzing results as bug
> reports on their github project: https://github.com/mdadams/jasper/

I tested the code again with afl (after the fixes for the stuff
Agostino reported) and it immediately found multiple issues:

https://github.com/mdadams/jasper/issues/28
Heap overflow in jpc_dec_cp_setfromcox()

https://github.com/mdadams/jasper/issues/29
Heap overflow in jpc_getuint16()

https://github.com/mdadams/jasper/issues/30
segfault / null pointer access in jpc_pi_destroy

https://github.com/mdadams/jasper/issues/31
double free on jpeg parsing

https://github.com/mdadams/jasper/issues/32
assert in jpc_dec_tiledecode()


This will need some work till it's fuzzing-resistant.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

