[CVE-2016-10506] division-by-zero (SIGFPE) error in opj_pi_next_cprl function (line 523 of pi.c) #731
Here is what I see using kakadu:
I think the problem is not in ihdr box. Let me give you a minimized poc file. You can have a look at it. kakadu output.
Why do I see this:
Maybe the versions of kakadu are different. Can you try this new poc file?
Fixed per d27ccf0
trylab changed the title from "division-by-zero (SIGFPE) error in opj_pi_next_cprl function (line 523 of pi.c)" to "[CVE-2016-10506] division-by-zero (SIGFPE) error in opj_pi_next_cprl function (line 523 of pi.c)" on Aug 30, 2017
Testing Environment
Ubuntu + OpenJPEG (GitHub master, 2016/03/28)
Exception Information
Simple Analysis
The value of comp->dy is 128 and the value of rpy is 26.
The value evaluated from (OPJ_INT32)(comp->dy << rpy) is 0 (128<<26 == 0).
The code pi->y%(OPJ_INT32)(comp->dy<<rpy) will cause a divide-by-zero exception (SIGFPE).
Proof-of-Concept file
Use poc.j2k.
Credit
This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB.
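
The truncation described under Simple Analysis, next to a guarded form that rejects the values before they reach the modulo. This is an added example, not part of the original report and not OpenJPEG's code or its fix; the function names and the use of `uint32_t`/`int32_t` in place of the OPJ types are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* The step as the report describes it: a 32-bit shift whose result is
 * later used as a divisor. Shift counts >= 32 are undefined in C, so this
 * helper is only called with smaller counts here. */
static int32_t step_unchecked(uint32_t d, uint32_t rp)
{
    return (int32_t)(d << rp);
}

/* Guarded form (hypothetical helper): store the step and return 1 only if
 * d << rp fits in a positive int32_t, so it is safe to divide by. */
static int step_checked(uint32_t d, uint32_t rp, int32_t *step)
{
    if (d == 0 || rp >= 31)
        return 0;
    if (d > ((uint32_t)INT32_MAX >> rp))   /* high bits would be lost */
        return 0;
    *step = (int32_t)(d << rp);
    return 1;
}

/* Returns 1 if y is a multiple of the step, 0 if it is not, and -1 if the
 * header-derived values are rejected instead of being used in y % step. */
static int y_is_aligned(int32_t y, uint32_t dy, uint32_t rpy)
{
    int32_t step;
    if (!step_checked(dy, rpy, &step))
        return -1;
    return (y % step) == 0;
}

int main(void)
{
    /* Values from the report: comp->dy = 128, rpy = 26. */
    printf("unchecked step: %d\n", step_unchecked(128, 26));
    printf("guarded result: %d\n", y_is_aligned(0, 128, 26));
    /* Constructed benign values: dy = 2, rpy = 3 gives a step of 16. */
    printf("benign result:  %d\n", y_is_aligned(32, 2, 3));
    return 0;
}
```

A decoder using a guard like this would treat the `-1` case as a malformed codestream and skip or reject the affected resolution rather than evaluate the modulo.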