Malicious files can cause the program to enter a large loop
pic4xiu opened this issue · 4 comments
Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.
Expected behavior and actual behavior.
The program should report a file format error and fail to parse.
Instead, the program enters a large loop and keeps printing to the terminal:
...
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
...
I tested it on Ubuntu, and the program ran for more than 4 hours.
Steps to reproduce the problem.
The PoC is here:
Run: opj_decompress -i bigloop -o te.raw
The machine may need more than 8 GB of memory to reproduce it reliably.
Operating system
Ubuntu, macOS, and Windows all reproduce it.
openjpeg version
OpenJPEG 2.5.0
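The reproduction above needs a wall-clock limit and a memory cap to be safe to run, and anyone checking a fix needs a repeatable way to tell "rejected the file" from "looped for hours". The following triage harness is an added example, not OpenJPEG code or anything from the reporter: it runs a decoder command under a timeout and an RLIMIT_AS cap, counts the stderr lines (including the two warning messages quoted in the report) without buffering them, and classifies the run as ok, error (the expected outcome for a corrupt file) or hang. The opj_decompress command line and the file name bigloop come from the report; the 60-second timeout and the 8 GiB cap are assumed values, and the PoC file itself is not included here.

```python
"""Triage harness for decoder hang reports (added example; not OpenJPEG code).

Runs a decoder command under a wall-clock timeout and an address-space cap,
counts stderr warnings without buffering them, and classifies the run as
'ok', 'error' (input rejected: the expected outcome for a corrupt file) or
'hang' (killed at the timeout: the behaviour reported in this issue).
POSIX only: it relies on resource.setrlimit in a preexec hook and on killpg.
"""
import os
import resource
import signal
import subprocess
import threading
import time
from collections import Counter

# The two warning lines quoted in the report; both are real OpenJPEG messages.
LOOP_WARNINGS = (
    "[WARNING] Not enough space for expected EPH marker",
    "[WARNING] Not enough space for expected SOP marker",
)


def _address_space_cap(mem_bytes):
    """Return a preexec hook that lowers RLIMIT_AS in the child (never raises it)."""
    def apply():
        _soft, hard = resource.getrlimit(resource.RLIMIT_AS)
        cap = mem_bytes if hard == resource.RLIM_INFINITY else min(mem_bytes, hard)
        resource.setrlimit(resource.RLIMIT_AS, (cap, hard))
    return apply


def _drain(stream, counts, max_distinct=10_000):
    """Count stderr lines by text, so an endless warning loop costs O(distinct lines),
    while still draining the pipe so the child never blocks on a full buffer."""
    for raw in stream:
        line = raw.rstrip("\n")
        if line in counts or len(counts) < max_distinct:
            counts[line] += 1
        else:
            counts["<other>"] += 1


def classify(returncode, timed_out):
    """Map the child's fate to a triage label."""
    if timed_out:
        return "hang"
    return "ok" if returncode == 0 else "error"


def run_decoder(cmd, timeout_s=30.0, mem_bytes=8 << 30):
    """Run cmd (an argv list) under the limits and return a summary dict."""
    counts = Counter()
    start = time.monotonic()
    proc = subprocess.Popen(
        cmd,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.PIPE,
        text=True,
        errors="replace",
        start_new_session=True,          # own process group, so killpg reaches helpers too
        preexec_fn=_address_space_cap(mem_bytes),
    )
    reader = threading.Thread(target=_drain, args=(proc.stderr, counts), daemon=True)
    reader.start()
    timed_out = False
    try:
        proc.wait(timeout=timeout_s)
    except subprocess.TimeoutExpired:
        timed_out = True
        try:
            os.killpg(proc.pid, signal.SIGKILL)   # pgid == pid because of start_new_session
        except ProcessLookupError:
            pass
        proc.wait()
    reader.join()
    return {
        "status": classify(proc.returncode, timed_out),
        "elapsed_s": round(time.monotonic() - start, 2),
        "returncode": proc.returncode,
        "stderr_lines": sum(counts.values()),
        "loop_warnings": sum(counts[w] for w in LOOP_WARNINGS),
    }


if __name__ == "__main__":
    # The command from the report; 'bigloop' is the reporter's PoC file (not included).
    # The 60 s timeout and the default 8 GiB cap are assumed values.
    print(run_decoder(["opj_decompress", "-i", "bigloop", "-o", "te.raw"], timeout_s=60))
```

A status of "hang" with a large loop_warnings count is the behaviour this issue describes; a fixed build should return "error" quickly with a small stderr_lines count. The address-space cap is what keeps the 8 GB note above from turning a reproduction attempt into a swapped-out machine.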
CVE-2023-39327 was assigned to this flaw. If you wish to dispute or reject it, please let me know.
Could anyone confirm that this issue was fixed by pull #1547?
@fundawang the PoC is mentioned above. Just run it and report back.
The pull request's description confirms that it's not fixed. A slight modification of the PoC allows to trigger the behavior.