jbig2enc
SEGV in jbig2enc
Description
jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512. This vulnerability can lead to a Denial of Service (DoS).
ASAN Log
./src/jbig2 -s -S -p -v -d -2 -O out.png Poc2jbig2enc
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2937923==ERROR: AddressSanitizer: SEGV on unknown address 0x62f00df00400 (pc 0x7ffff7267108 bp 0x6060000000e0 sp 0x7fffffffe0e0 T0)
==2937923==The signal is caused by a READ memory access.
#0 0x7ffff7267107 in pixSetPadBits (/lib/x86_64-linux-gnu/liblept.so.5+0x12e107)
#1 0x7ffff71c93f4 in pixConnCompPixa (/lib/x86_64-linux-gnu/liblept.so.5+0x903f4)
#2 0x7ffff72262d8 in jbGetComponents (/lib/x86_64-linux-gnu/liblept.so.5+0xed2d8)
#3 0x7ffff72289eb in jbAddPage (/lib/x86_64-linux-gnu/liblept.so.5+0xef9eb)
#4 0x5555555633ad in jbig2_add_page(jbig2ctx*, Pix*) /test2/jbig2enc/src/jbig2enc.cc:512
#5 0x55555555f408 in main /test2/jbig2enc/src/jbig2.cc:482
#6 0x7ffff6c1f082 in __libc_start_main ../csu/libc-start.c:308
#7 0x55555555bf4d in _start (/test2/jbig2enc/src/jbig2+0x7f4d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/liblept.so.5+0x12e107) in pixSetPadBits
==2937923==ABORTING
Reproduction
git clone https://github.com/agl/jbig2enc.git
cd jbig2enc
apt install libleptonica-dev
./autogen.sh
CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g" CXXFLAGS=" -fsanitize=address -fno-omit-frame-pointer -g" ./configure --disable-shared
make -j24
./src/jbig2 -s -S -p -v -d -2 -O out.png Poc2jbig2enc
PoC
Poc2jbig2enc: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/Poc2jbig2enc
Version
root@38ad1e4b9d16:/test2/jbig2enc# ./src/jbig2 --version
jbig2enc 0.28
Reference
https://github.com/agl/jbig2enc
Environment
ubuntu:20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
clang version 10.0.0-4ubuntu1
afl-cc++4.09
Credit
Zeng Yunxiang
This seems to be CVE-2023-46363