• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 16th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security

OpenJPEG Bug Helping Attackers Conduct Remote Code Execution

October 4th, 2016 Uzair Amir Security 0 comments
OpenJPEG Bug Helping Attackers Conduct Remote Code Execution
Share on FacebookShare on Twitter
Researchers at Cisco Talos have discovered a dangerous zero-day vulnerability in the OpenJPEG JPEG 2000 codec. The flaw can allow attackers to conduct remote code execution on systems.

OpenJPEG is a JPEG 2000 codec, which is programmed in C language while the software particularly was developed to popularize JPEG 2000. The JPEG 2000 is an image compression standard, which is commonly used for a variety of tasks such image embedding in PDF files. Software like Pdfium, Poppler and MuPDF are used for this purpose.

The revelation was made by Cisco researchers on Friday. They further revealed that the zero-day vulnerability is identified in the JPEG 2000 image file format parser, which is implemented in the OpenJPEG library. This flaw has been given the code name CVE-2016-8332, with a CVSS score of 7.5 and it is being regarded as an out-of-bounds vulnerability. This means, this vulnerability can heap write to occur, which can result in arbitrary code execution and heap exploitation.

The cause behind this flaw is an error in parsing MCC records stored in the JPEG 2000 file. This leads to an erroneous “read and write of adjacent heap area memory.” Cisco Talos’ Aleksander Nikolic discovered this vulnerability in the version 2.1.1 of OpenJPEG.

If this flaw is exploited, it would lead to heap metadata process memory corruption. This vulnerability can be used by attackers only if the user of the computer opens any malicious, specially designed JPEG 2000 images. Such content is often distributed via phish emails and even hosted on authentic platforms like Dropbox and Google Drive. As soon as the malicious images enter the system, it creates the path for attackers for conducting remote execution of the code.

More technical details and Talos vulnerability report is available here.

[fullsquaread][/fullsquaread]

Via: ZDNet

Source: Talos Blog

  • Tags
  • Bug
  • Flaw
  • hacking
  • internet
  • security
  • Technology
Facebook Twitter LinkedIn Pinterest
Previous article Watch Out Gamers: Hacked Steam Accounts Distributing Malware
Next article Remember 68 Million Hacked Dropbox Data? It's available for free download
Uzair Amir

Uzair Amir

I am an Electronic Engineer, an Android Game Developer and a Tech writer. I am into music, snooker and my life motto is 'Do my best, so that I can't blame myself for anything.'

Related Posts
2021 and Emerging Cybersecurity Threats

2021 and Emerging Cybersecurity Threats

Unpatched MS Exchange servers hit by cryptojacking malware

Unpatched MS Exchange servers hit by cryptojacking malware

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
2021 and Emerging Cybersecurity Threats
Security

2021 and Emerging Cybersecurity Threats

SolarWinds Hack - US officially Blames Russian Intel Agency Hackers
Cyber Crime

SolarWinds Hack - US officially Blames Russian Intel Agency Hackers

ParkMobile parking app data breach - 21M user records stolen, sold
Hacking News

ParkMobile parking app data breach - 21M user records stolen, sold

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us