Closed Arbusz closed 6 months ago
@Arbusz The bug has been fixed on the master branch. If you get a CVE for this, please post it here so I can document that it has been fixed.
Thank you for your swift response to our inquiries.
Credit: Dawei Wang and Geng Zhou, from Zhongguancun Laboratory.
It‘s CVE-2024-31744.
@Arbusz Thanks. I added the CVE to the NEWS file.
Hi, we found one crash in jasper(libjasper 4.2.2), which is the latest version. To assist in diagnosing and resolving these issues, we have attached the POC file along with the gdb log.
Environment: Linux 4f6b99b5cf37 6.2.0-35-generic #\35~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Oct 6 10:23:26 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Command and args:
gdb log:
jasper_poc.zip