Closed
Description
(This problem was discovered with UBSAN enabled.)
On the latest version (2.3) and the master branch of openjpeg, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (src/lib/openjp2/j2k.c), which could cause a denial of service via a crafted bmp file.
src/lib/openjp2/j2k.c:7304:48: runtime error: shift exponent 4294967295 is too large for 32-bit type 'int'
To reproduce this issue, run: bin/opj_compress -n 1 -i $POC -o OUTPUT
The POC can be downloaded at: https://github.com/ProbeFuzzer/poc/blob/master/openjpeg/openjpeg_2-3_opj_compress_integer-overflow_opj_j2k_setup_encoder.bmp
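The class of defect UBSAN reports above, as an added example that is not openjpeg code and not part of the original report: a left shift whose exponent must be validated before use. The helper names and the `levels - 1U` derivation are hypothetical; the report does not show how the exponent 4294967295 was computed, so the unsigned wrap-around here is an assumption chosen because it yields that same value.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: left-shift a non-negative int only when the result is
 * defined and representable. Returns 0 on success, -1 when rejected. */
static int checked_shl_int(int value, uint32_t exponent, int *out)
{
    /* Number of value bits in int (31 where int is 32 bits wide). */
    const uint32_t value_bits = (uint32_t)(sizeof(int) * CHAR_BIT) - 1U;

    if (value < 0 || exponent >= value_bits) {
        return -1;               /* exponent too large, or negative operand */
    }
    if (value > (INT_MAX >> exponent)) {
        return -1;               /* result would not fit in int */
    }
    *out = value << exponent;
    return 0;
}

/* Hypothetical caller (assumption, not from the report): derives the exponent
 * as (levels - 1) in unsigned arithmetic, which wraps to 4294967295 when
 * levels is 0. */
static int scale_for_levels(uint32_t levels, int *out)
{
    uint32_t exponent = levels - 1U;   /* wraps for levels == 0 */
    return checked_shl_int(1, exponent, out);
}

int main(void)
{
    const uint32_t samples[] = { 0U, 1U, 6U, 31U, 32U };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int scaled = 0;
        if (scale_for_levels(samples[i], &scaled) == 0) {
            printf("levels=%u -> %d\n", (unsigned)samples[i], scaled);
        } else {
            printf("levels=%u -> rejected\n", (unsigned)samples[i]);
        }
    }
    return 0;
}
```

Building this with `-fsanitize=undefined` produces no shift report, because the out-of-range exponent is rejected before the shift executes.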