uclouvain/openjpeg

Malicious files can cause the program to enter a large loop

pic4xiu opened this issue · 4 comments

Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

Expected behavior and actual behavior.

The program should report a file format error and parsing should fail.

But instead the program enters a big loop and keeps printing in the terminal:

...
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
...

I tested it on Ubuntu, and the program ran for more than 4 hours.

Steps to reproduce the problem.

The PoC is here.

Run: opj_decompress -i bigloop -o te.raw

The machine may need more than 8 GB of memory to reproduce it reliably.

Operating system

Ubuntu, macOS, and Windows are all affected.

openjpeg version

OpenJPEG 2.5.0
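As an added defender-side example (not part of this issue or of the openjpeg project), the wrapper below runs a decoder such as opj_decompress on an untrusted input under a wall-clock budget and kills it as soon as any single stderr line repeats more than a set number of times, which is exactly the symptom reported above: a decoder stuck in a loop re-emitting the same EPH/SOP warnings. The command line, the limits and the three constructed child processes used for self-checking are assumptions; the children stand in for the decoder so the code runs offline.

```python
"""Guard an untrusted decode against hangs and warning floods (added example)."""
import subprocess
import sys
import threading
from collections import Counter


def run_guarded(cmd, max_seconds=30.0, max_repeats=50):
    """Run cmd with stdout discarded and stderr watched line by line.

    The child is killed when it runs longer than max_seconds of wall-clock
    time, or when one stderr line has been seen more than max_repeats times
    (a decoder looping on the same warning, as in the report above).

    Returns (reason, returncode, counts): reason is 'exit', 'timeout' or
    'warning_flood'; counts maps each distinct stderr line to its frequency.
    """
    proc = subprocess.Popen(
        cmd, stdout=subprocess.DEVNULL, stderr=subprocess.PIPE, text=True
    )
    state = {"reason": "exit"}
    lock = threading.Lock()

    def on_deadline():
        # Watchdog: the first cause to fire wins, so an already recorded
        # warning_flood is not overwritten by a late timeout.
        with lock:
            if state["reason"] == "exit":
                state["reason"] = "timeout"
        proc.kill()

    watchdog = threading.Timer(max_seconds, on_deadline)
    watchdog.daemon = True
    watchdog.start()

    counts = Counter()
    try:
        for line in proc.stderr:
            key = line.rstrip("\n")
            counts[key] += 1
            if counts[key] > max_repeats:
                with lock:
                    if state["reason"] == "exit":
                        state["reason"] = "warning_flood"
                proc.kill()
                break
    finally:
        watchdog.cancel()
        proc.stderr.close()
        returncode = proc.wait()
    return state["reason"], returncode, counts


# Constructed stand-ins for the decoder (assumptions, not real decoder runs).
def constructed_flood_cmd():
    """Child that loops forever printing the two warnings from the report."""
    return [sys.executable, "-c",
            "import sys\n"
            "while True:\n"
            "    sys.stderr.write('[WARNING] Not enough space for expected EPH marker\\n')\n"
            "    sys.stderr.write('[WARNING] Not enough space for expected SOP marker\\n')\n"
            "    sys.stderr.flush()\n"]


def constructed_sleep_cmd():
    """Child that hangs silently, to exercise the wall-clock limit."""
    return [sys.executable, "-c", "import time; time.sleep(30)"]


def constructed_ok_cmd():
    """Well-behaved child: one warning, then a clean exit."""
    return [sys.executable, "-c",
            "import sys; sys.stderr.write('[WARNING] once\\n')"]


def main(argv):
    # Hypothetical usage: python guard.py bigloop te.raw
    if len(argv) != 3:
        print("usage: guard.py <input.j2k> <output.raw>", file=sys.stderr)
        return 2
    reason, rc, counts = run_guarded(
        ["opj_decompress", "-i", argv[1], "-o", argv[2]], max_seconds=60)
    print(f"reason={reason} returncode={rc} distinct_stderr_lines={len(counts)}")
    return 0 if reason == "exit" and rc == 0 else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The repeat counter is deliberately keyed on the whole line rather than on a "[WARNING]" prefix, so a decoder that legitimately emits many different warnings on a large file is not cut off, while a loop that re-emits the same pair of lines is stopped after a few dozen repetitions instead of after hours.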

CVE-2023-39327 was assigned to this flaw. If you wish to dispute or reject please let me know.

Could anyone confirm that this issue was fixed by pull #1547?

@fundawang the POC is mentioned above. Just run it and report back.

The pull request confirms in its description that it's not fixed. A slight modification of the PoC allows triggering the behavior.