-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reachable assertions in jpc_dec_process_siz() #165
Comments
Note that the two assert()s triggered be these reproducers were introduced in Jasper version 2.0.12 via a712a20. |
This vulnerability has been fixed in our fork: https://github.com/jasper-maint/jasper/ |
jubalh
added a commit
to jubalh/buildroot
that referenced
this issue
Jul 28, 2020
Changes: * Fix CVE-2018-9154 jasper-software/jasper#215 jasper-software/jasper#166 jasper-software/jasper#175 jasper-maint/jasper#8 * Fix CVE-2018-19541 jasper-software/jasper#199 jasper-maint/jasper#6 * Fix CVE-2016-9399, CVE-2017-13751 jasper-maint/jasper#1 * Fix CVE-2018-19540 jasper-software/jasper#182 jasper-maint/jasper#22 * Fix CVE-2018-9055 jasper-maint/jasper#9 * Fix CVE-2017-13748 jasper-software/jasper#168 * Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 jasper-maint/jasper#3 jasper-maint/jasper#4 jasper-maint/jasper#5 jasper-software/jasper#88 jasper-software/jasper#89 jasper-software/jasper#90 * Fix CVE-2018-9252 jasper-maint/jasper#16 * Fix CVE-2018-19139 jasper-maint/jasper#14 * Fix CVE-2018-19543, CVE-2017-9782 jasper-maint/jasper#13 jasper-maint/jasper#18 jasper-software/jasper#140 jasper-software/jasper#182 * Fix CVE-2018-20570 jasper-maint/jasper#11 jasper-software/jasper#191 * Fix CVE-2018-20622 jasper-maint/jasper#12 jasper-software/jasper#193 * Fix CVE-2016-9398 jasper-maint/jasper#10 * Fix CVE-2017-14132 jasper-maint/jasper#17 * Fix CVE-2017-5499 jasper-maint/jasper#2 jasper-software/jasper#63 * Fix CVE-2018-18873 jasper-maint/jasper#15 jasper-software/jasper#184 * Fix jasper-software/jasper#207 * Fix jasper-software/jasper#194 part 1 * Fix CVE-2017-13750 jasper-software/jasper#165 jasper-software/jasper#174 * New option -DJAS_ENABLE_HIDDEN=true to not export internal symbols in the public symbol table * Fix various memory leaks * Plenty of code cleanups, and performance improvements
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Aug 3, 2020
Fixes the following security issues: * Fix CVE-2018-9154 jasper-software/jasper#215 jasper-software/jasper#166 jasper-software/jasper#175 jasper-maint/jasper#8 * Fix CVE-2018-19541 jasper-software/jasper#199 jasper-maint/jasper#6 * Fix CVE-2016-9399, CVE-2017-13751 jasper-maint/jasper#1 * Fix CVE-2018-19540 jasper-software/jasper#182 jasper-maint/jasper#22 * Fix CVE-2018-9055 jasper-maint/jasper#9 * Fix CVE-2017-13748 jasper-software/jasper#168 * Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 jasper-maint/jasper#3 jasper-maint/jasper#4 jasper-maint/jasper#5 jasper-software/jasper#88 jasper-software/jasper#89 jasper-software/jasper#90 * Fix CVE-2018-9252 jasper-maint/jasper#16 * Fix CVE-2018-19139 jasper-maint/jasper#14 * Fix CVE-2018-19543, CVE-2017-9782 jasper-maint/jasper#13 jasper-maint/jasper#18 jasper-software/jasper#140 jasper-software/jasper#182 * Fix CVE-2018-20570 jasper-maint/jasper#11 jasper-software/jasper#191 * Fix CVE-2018-20622 jasper-maint/jasper#12 jasper-software/jasper#193 * Fix CVE-2016-9398 jasper-maint/jasper#10 * Fix CVE-2017-14132 jasper-maint/jasper#17 * Fix CVE-2017-5499 jasper-maint/jasper#2 jasper-software/jasper#63 * Fix CVE-2018-18873 jasper-maint/jasper#15 jasper-software/jasper#184 * Fix CVE-2017-13750 jasper-software/jasper#165 jasper-software/jasper#174 Furthermore, drop now upstreamed patches and change to the new jasper-software upstream location. Signed-off-by: Michael Vetter <jubalh@iodoru.org> [Peter: reword for security bump] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
woodsts
pushed a commit
to woodsts/buildroot
that referenced
this issue
Aug 18, 2020
Fixes the following security issues: * Fix CVE-2018-9154 jasper-software/jasper#215 jasper-software/jasper#166 jasper-software/jasper#175 jasper-maint/jasper#8 * Fix CVE-2018-19541 jasper-software/jasper#199 jasper-maint/jasper#6 * Fix CVE-2016-9399, CVE-2017-13751 jasper-maint/jasper#1 * Fix CVE-2018-19540 jasper-software/jasper#182 jasper-maint/jasper#22 * Fix CVE-2018-9055 jasper-maint/jasper#9 * Fix CVE-2017-13748 jasper-software/jasper#168 * Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 jasper-maint/jasper#3 jasper-maint/jasper#4 jasper-maint/jasper#5 jasper-software/jasper#88 jasper-software/jasper#89 jasper-software/jasper#90 * Fix CVE-2018-9252 jasper-maint/jasper#16 * Fix CVE-2018-19139 jasper-maint/jasper#14 * Fix CVE-2018-19543, CVE-2017-9782 jasper-maint/jasper#13 jasper-maint/jasper#18 jasper-software/jasper#140 jasper-software/jasper#182 * Fix CVE-2018-20570 jasper-maint/jasper#11 jasper-software/jasper#191 * Fix CVE-2018-20622 jasper-maint/jasper#12 jasper-software/jasper#193 * Fix CVE-2016-9398 jasper-maint/jasper#10 * Fix CVE-2017-14132 jasper-maint/jasper#17 * Fix CVE-2017-5499 jasper-maint/jasper#2 jasper-software/jasper#63 * Fix CVE-2018-18873 jasper-maint/jasper#15 jasper-software/jasper#184 * Fix CVE-2017-13750 jasper-software/jasper#165 jasper-software/jasper#174 Furthermore, drop now upstreamed patches and change to the new jasper-software upstream location. Signed-off-by: Michael Vetter <jubalh@iodoru.org> [Peter: reword for security bump] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit d0f7b24) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
woodsts
pushed a commit
to woodsts/buildroot
that referenced
this issue
Aug 18, 2020
Fixes the following security issues: * Fix CVE-2018-9154 jasper-software/jasper#215 jasper-software/jasper#166 jasper-software/jasper#175 jasper-maint/jasper#8 * Fix CVE-2018-19541 jasper-software/jasper#199 jasper-maint/jasper#6 * Fix CVE-2016-9399, CVE-2017-13751 jasper-maint/jasper#1 * Fix CVE-2018-19540 jasper-software/jasper#182 jasper-maint/jasper#22 * Fix CVE-2018-9055 jasper-maint/jasper#9 * Fix CVE-2017-13748 jasper-software/jasper#168 * Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 jasper-maint/jasper#3 jasper-maint/jasper#4 jasper-maint/jasper#5 jasper-software/jasper#88 jasper-software/jasper#89 jasper-software/jasper#90 * Fix CVE-2018-9252 jasper-maint/jasper#16 * Fix CVE-2018-19139 jasper-maint/jasper#14 * Fix CVE-2018-19543, CVE-2017-9782 jasper-maint/jasper#13 jasper-maint/jasper#18 jasper-software/jasper#140 jasper-software/jasper#182 * Fix CVE-2018-20570 jasper-maint/jasper#11 jasper-software/jasper#191 * Fix CVE-2018-20622 jasper-maint/jasper#12 jasper-software/jasper#193 * Fix CVE-2016-9398 jasper-maint/jasper#10 * Fix CVE-2017-14132 jasper-maint/jasper#17 * Fix CVE-2017-5499 jasper-maint/jasper#2 jasper-software/jasper#63 * Fix CVE-2018-18873 jasper-maint/jasper#15 jasper-software/jasper#184 * Fix CVE-2017-13750 jasper-software/jasper#165 jasper-software/jasper#174 Furthermore, drop now upstreamed patches and change to the new jasper-software upstream location. Signed-off-by: Michael Vetter <jubalh@iodoru.org> [Peter: reword for security bump] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit d0f7b24) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The following was reported by @owl337 in Red Hat Bugzilla, but apparently they never reported it upstream, hence re-reporting upstream. There problems were reported separate and with 2 CVEs, but merging those reports to a single upstream ticket as both issues are related. Markdown formatting of this report is mine.
--8<--
CVE-2017-13750
https://bugzilla.redhat.com/show_bug.cgi?id=1485280
Description of problem:
There is a reachable assertion abort in function jpc_dec_process_siz() of JasPer that will lead to remote denial of service attack.
Version-Release number of selected component (if applicable):
<= latest version
How reproducible:
./imginfo -f POC4
Steps to Reproduce:
The output information is as follows:
The gdb debugging information is listed below:
Trigged in:
Actual results:
crash
Expected results:
crash
Additional info:
Credits:
This vulnerability is detected by team OWL337, with our custom fuzzer collAFL. Please contact ganshuitao@gmail.com and chaoz@tsinghua.edu.cn if you need more info about the team, the tool or the vulnerability.
Reproducer: POC4.zip
--8<--
CVE-2017-13746
https://bugzilla.redhat.com/show_bug.cgi?id=1485286
Description of problem:
There is a reachable assertion abort in function jpc_dec_process_siz() of JasPer that will lead to remote denial of service attack.
Version-Release number of selected component (if applicable):
<= latest
How reproducible:
./imginfo -f POC8
Steps to Reproduce:
The output information is as follows:
The gdb debugging information is listed below:
Trigged in:
Actual results:
crash
Expected results:
crash
Additional info:
Credits:
This vulnerability is detected by team OWL337, with our custom fuzzer collAFL. Please contact ganshuitao@gmail.com and chaoz@tsinghua.edu.cn if you need more info about the team, the tool or the vulnerability.
Reproducer: POC8.zip
--8<--
The text was updated successfully, but these errors were encountered: