Cisco Blogs
Vulnerability Spotlight: OpenJPEG JPEG2000 mcc record Code Execution Vulnerability

- September 30, 2016 - 1 Comment

Vulnerability discovered by Aleksandar Nikolic of Cisco Talos

Overview

Talos has identified an exploitable out-of-bounds vulnerability in the JPEG 2000 image file format parser implemented in the OpenJPEG library (TALOS-2016-0193/CVE-2016-8332). The JPEG 2000 file format is commonly used for embedding images inside PDF documents. This particular vulnerability could allow an out-of-bounds heap write to occur, resulting in heap corruption and leading to arbitrary code execution. Talos has disclosed this vulnerability responsibly to the library maintainers to ensure a patch is available.

1 Comment

    Early this morning I opened my email and found this issue on "The Hackers News" website, pointing to your research regarding "OPENJPEG JPEG2000". Once again, your explanation is well detailed and explained. Excellent blog post that I really appreciate. Thank you for the great opportunity to read it.
