Vulnerability discovered by Aleksandar Nikolic of Cisco Talos
Overview
Talos has identified an exploitable out-of-bounds vulnerability in the JPEG 2000 image file format parser implemented in the OpenJPEG library (TALOS-2016-0193/CVE-2016-8332). The JPEG 2000 file format is commonly used for embedding images inside PDF documents. This particular vulnerability could allow an out-of-bounds heap write to occur, resulting in heap corruption and leading to arbitrary code execution. Talos has disclosed this vulnerability responsibly to the library maintainers to ensure a patch is available.
Early this morning I opened my email and found this issue on “The Hackers News” website, pointing to your research regarding “OPENJPEG JPEG2000”. Once again, your explanation is well detailed, and explained. Excellent blog post that I really appreciate. Thank you for the great opportunity to read it.