OverviewTalos has identified an exploitable out-of-bounds vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library (TALOS-2016-0193/CVE-2016-8332). The JPEG 2000 file format is commonly used for embedding images inside PDF documents. This particular vulnerability could allow an out-of-bound heap write to occur, resulting in heap corruption and lead to arbitrary code execution. Talos has disclosed this vulnerability responsibily to the library maintainers to ensure a patch is available.
Exploitation of this vulnerability is possible if a user were to open a file containing a specifically crafted JPEG 2000 image that exploits this flaw. Examples where this could be achieved would be in an email attack, where a user opens an attachment in a spam/phishing email, or in a hosted content scenario where a user downloads a file from Google Drive or Dropbox.
CoverageTalos has released rules that detect attempts to exploit this vulnerability to protect our customers. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.
Snort Rules: 40314-40315
For further zero day or vulnerability reports and information visit: