Closed benehalo closed 1 year ago
You have 5 files in the zip file, each of them triggers the same response, yes?
You have 5 files in the zip file, each of them triggers the same response, yes?
Yes, each of the input files triggers the same reponse.
Thanks for confirming.
What is the range of Jasper versions that contain this vulnerability?
You'll have to check that yourself unfortunately. 3.0.6 is vulnerable and 4.0.0 is the first version with the fix.
Crash Inputs
Here are the files that trigger the bug - jas_image.c_1010.zip
Bug Description
I apply debug mode (-g -O0) to check for errors and report the detected errors as follows.
How to Reproduce
The aforementioned bug can be stably reproduced in version 3.0.6 (commit id 66632500).
-g -O0
/data/program/jasper/test/bin/jasper --input <input-file-path> --output /tmp/test.bmp --output-format bmp