JasPer 1.900.17 Left Shift Denial of Service Vulnerability

Summary

libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

Credit:

The information has been provided by Agostino Sarubbo.
The original article can be found at: http://www.securityfocus.com/bid/95666


Details

Vulnerable Systems:
 * JasPer 1.900.17

JasPer is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard.
When built with the Undefined Behavior Sanitizer enabled, JasPer crashes, and the sanitizer reports left-shift and signed-integer-overflow errors.
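
The bug class reported here, left shift of a negative value and signed integer overflow on decoder-controlled values, can be avoided with checked arithmetic. The following is an added example, not JasPer's code or its fix; the helper names `checked_shl_i32` and `scale_pow2_i32` and the sample values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers, not taken from JasPer. Both return 0 on success and
 * -1 when the operation would be undefined behaviour in C. */

/* Left shift that is performed only when the C standard defines the result:
 * non-negative operand, count below the type width, result representable. */
int checked_shl_i32(int32_t v, unsigned n, int32_t *out)
{
    if (v < 0 || n >= 32)
        return -1;                  /* negative operand or oversized count */
    if (v > (INT32_MAX >> n))
        return -1;                  /* high bits would reach the sign bit */
    *out = (int32_t)((uint32_t)v << n);
    return 0;
}

/* When the intent is "multiply by 2^n" and negative inputs are legitimate,
 * do the arithmetic in a wider type and range-check instead of shifting. */
int scale_pow2_i32(int32_t v, unsigned n, int32_t *out)
{
    if (n >= 32)
        return -1;
    int64_t r = (int64_t)v * ((int64_t)1 << n);   /* |r| <= 2^62, no overflow */
    if (r < INT32_MIN || r > INT32_MAX)
        return -1;
    *out = (int32_t)r;
    return 0;
}

int main(void)
{
    /* Constructed inputs standing in for values read from an untrusted file. */
    const int32_t samples[] = { 5, -5, 0x40000000, INT32_MIN };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t a = 0, b = 0;
        int ra = checked_shl_i32(samples[i], 1, &a);
        int rb = scale_pow2_i32(samples[i], 1, &b);
        printf("%11ld: shl=%s scale=%s\n", (long)samples[i],
               ra ? "rejected" : "ok", rb ? "rejected" : "ok");
    }
    return 0;
}
```

Compiling this with `-fsanitize=undefined` under GCC or Clang produces no sanitizer reports, because every rejected input returns before any shift or multiplication that C leaves undefined.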

CVE Information:
CVE-2017-5502

Disclosure Timeline:
Publish Date : 2017-03-01
Last Update Date : 2017-03-02
