
Malicious files can cause the program to enter a large loop #1472

Open
pic4xiu opened this issue Jul 16, 2023 · 8 comments

Comments

@pic4xiu

pic4xiu commented Jul 16, 2023

Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

Expected behavior and actual behavior.

Program reports a file format error, parsing failed.

But the program enters a big loop and keeps printing in the terminal:

...
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
...

I tested it on Ubuntu, and the program ran for more than 4 hours.

Steps to reproduce the problem.

The PoC is here

Run: opj_decompress -i bigloop -o te.raw

Maybe more than 8 GB of memory is needed to reproduce it successfully.

Operating system

Reproducible on Ubuntu, macOS and Windows.

openjpeg version

OpenJPEG 2.5.0
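The warnings in the report show a decoder that notices there is not enough space left for an SOP or EPH marker and keeps going, which is what lets a malformed codestream turn into hours of looping. The block below is an added example, not OpenJPEG code and not derived from the PoC file, of the fail-closed alternative a reviewer would ask for: every read is bounds-checked before it happens, a shortfall or an unexpected marker ends the scan with an error instead of a warning, and the scan position strictly advances each iteration so the loop is bounded by the input length. The marker codes and segment sizes (SOP = FF91, 6-byte segment with Lsop = 4; EPH = FF92, 2 bytes) are from ISO/IEC 15444-1 Annex A; the packet layout with a fixed per-packet body length and the three sample byte strings are constructed simplifications for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Marker codes from JPEG 2000 Part 1 (ISO/IEC 15444-1, Annex A).
 * SOP is a 6-byte segment: marker FF91, Lsop = 0x0004, Nsop (2 bytes).
 * EPH is the bare 2-byte marker FF92 with no length field. */
#define J2K_SOP 0xFF91u
#define J2K_EPH 0xFF92u
#define J2K_SOP_SEGMENT_LEN 6u
#define J2K_EPH_LEN 2u

enum scan_status { SCAN_OK = 0, SCAN_TRUNCATED = 1, SCAN_BAD_MARKER = 2 };

struct scan_result {
    enum scan_status status;
    size_t packets;  /* complete SOP / body / EPH triples consumed */
    size_t consumed; /* offset at which the scan stopped */
};

static uint16_t rd16(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Fail-closed scanner over a constructed packet layout
 *   [SOP segment][body_len bytes][EPH] [SOP segment][body_len bytes][EPH] ...
 * Hypothetical simplification: a real decoder derives each packet body
 * length from the packet header; here it is a fixed parameter.
 * Every read is bounds-checked first, any shortfall or unexpected marker
 * returns an error rather than logging and continuing, and pos grows by at
 * least J2K_SOP_SEGMENT_LEN per iteration, so the loop runs at most
 * len / J2K_SOP_SEGMENT_LEN times whatever the input contains. */
struct scan_result scan_packets(const uint8_t *buf, size_t len, size_t body_len) {
    struct scan_result r = { SCAN_OK, 0, 0 };
    size_t pos = 0;

    while (pos < len) {
        if (len - pos < J2K_SOP_SEGMENT_LEN) { r.status = SCAN_TRUNCATED; break; }
        if (rd16(buf + pos) != J2K_SOP || rd16(buf + pos + 2) != 0x0004u) {
            r.status = SCAN_BAD_MARKER; break;
        }
        pos += J2K_SOP_SEGMENT_LEN;

        if (len - pos < body_len) { r.status = SCAN_TRUNCATED; break; }
        pos += body_len;

        if (len - pos < J2K_EPH_LEN) { r.status = SCAN_TRUNCATED; break; }
        if (rd16(buf + pos) != J2K_EPH) { r.status = SCAN_BAD_MARKER; break; }
        pos += J2K_EPH_LEN;

        r.packets++;
    }
    r.consumed = pos;
    return r;
}

/* Constructed sample inputs (not taken from the PoC file), body_len = 3. */
static const uint8_t kGood[] = {
    0xFF,0x91,0x00,0x04,0x00,0x00, 0xAA,0xBB,0xCC, 0xFF,0x92,
    0xFF,0x91,0x00,0x04,0x00,0x01, 0xDD,0xEE,0xFF, 0xFF,0x92 };
/* Second packet body cut short: the point where a lenient decoder would
 * log "Not enough space" and carry on. */
static const uint8_t kTruncated[] = {
    0xFF,0x91,0x00,0x04,0x00,0x00, 0xAA,0xBB,0xCC, 0xFF,0x92,
    0xFF,0x91,0x00,0x04,0x00,0x01, 0xDD };
/* EPH replaced by arbitrary bytes. */
static const uint8_t kBadEph[] = {
    0xFF,0x91,0x00,0x04,0x00,0x00, 0xAA,0xBB,0xCC, 0x12,0x34 };

static const char *status_name(enum scan_status s) {
    return s == SCAN_OK ? "ok" : s == SCAN_TRUNCATED ? "truncated" : "bad marker";
}

int main(void) {
    const struct { const char *name; const uint8_t *buf; size_t len; } cases[] = {
        { "good", kGood, sizeof kGood },
        { "truncated", kTruncated, sizeof kTruncated },
        { "bad-eph", kBadEph, sizeof kBadEph },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct scan_result r = scan_packets(cases[i].buf, cases[i].len, 3);
        printf("%-9s status=%s packets=%zu consumed=%zu/%zu\n", cases[i].name,
               status_name(r.status), r.packets, r.consumed, cases[i].len);
    }
    return 0;
}
```

The property worth carrying into a real decoder is the one in the loop body: a "not enough space" condition is a terminal parse error for that codestream, not a warning, and any loop over packet data must be able to show that its cursor moves forward on every path that does not return.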

@pedrohc

pedrohc commented Jul 4, 2024

CVE-2023-39327 was assigned to this flaw. If you wish to dispute or reject please let me know.

@fundawang
Could anyone confirm that this issue was fixed by pull #1547?

@jubalh

jubalh commented Sep 18, 2024

@fundawang the POC is mentioned above. Just run it and report back.

@mayeut
Collaborator

mayeut commented Sep 18, 2024

The pull request confirms in its description that it's not fixed. A slight modification of the PoC allows triggering the behavior.

@tariqmchoudhry
Does anyone have a workaround or a fix ready for this issue?

@anthonymingo

Is there a fix for this issue yet or will there be one forthcoming anytime soon? Opening a CVE for an issue and letting it hang out for months/years is not really helpful for applications/companies that are using OpenJPEG and are required to react to those CVEs in a specific timeframe.

@rouault
Collaborator

rouault commented Jan 28, 2025

Opening a CVE for an issue and letting it hang out for months/years is not really helpful for applications/companies that are using OpenJPEG and are required to react to those CVEs in a specific timeframe.

How many $$$$$$ do they offer to fix it ? As far as I'm concerned, I don't care at all about companies using OpenJPEG. That's their problem, not mine.

@sebras
Contributor

sebras commented Jan 28, 2025

The pull request confirms in its description that it's not fixed. A slight modification of the PoC allows triggering the behavior.

@mayeut Can you provide the file with that slight modification? Also, how did you know what to alter in the file?
