A zero day flaw in OpenJPEG JPEG 2000 could lead arbitrary code execution

Cisco Talos Team disclosed a zero-day flaw affecting the JPEG 2000 image file format parser implemented in the OpenJPEG library.

Security experts at Cisco Talos group have discovered a serious vulnerability (TALOS-2016-0193/CVE-2016-8332) affecting the JPEG 2000 image file format parser implemented in OpenJPEG library. An attacker could exploit the flaw to trigger the heap corruption and execute arbitrary code on the target system.

“This particular vulnerability could allow an out-of-bound heap write to occur, resulting in heap corruption and lead to arbitrary code execution. Talos has disclosed this vulnerability responsibility to the library maintainers to ensure a patch is available.” states the security advisory published by Talos.

The experts successfully tested the JPEG 2000 image exploit on the OpenJpeg openjp2 2.1.1.

The security experts have has ethically reported the security flaw to the library maintainers to ensure a patch is available.

The flaw has a serious impact because the JPEG 2000 file format is commonly used for embedding images inside PDF documents.

In order to exploit the vulnerability, an attacker has to trick victims into opening a file containing a specifically crafted JPEG 2000 image that triggers the flaw.

A first attack scenario sees attackers sending an email to the targets, the malicious message will include a PDF document including a specifically crafted JPEG 2000 image, or in a hosted content scenario where a user downloads a file from Google Drive or Dropbox.

Attackers could also leverage on cloud storage like Google Drive or Dropbox where he hosts a specifically crafted JPEG 2000 image, then he will share the link to the picture.

Experts from Talos have also released Snort Rules (40314-40315) that could help experts in detecting attempts to exploit the flaw.

Cisco Talos group also announced that additional rules may be released at a future date informing users that current rules are subject to change pending additional vulnerability information.

Below the Timeline of the Vulnerability

2016-07-26 – Vendor Disclosure
2016-09-29 – Public Release

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – JPEG 2000, Zero-day)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.