openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c) (INCOMPLETE FIX FOR CVE-2017-14152)

Description: openjpeg is an open-source JPEG 2000 library. It seems the fix for CVE-2017-14152 wasn't enough. The complete ASan output of the issue:

# opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 -i $FILE -o null.j2k
TIFFReadDirectoryCheckOrder: Warning, …