Wednesday, December 11, 2019

Vulnerability Spotlight: Kakadu Software SDK ATK marker code execution vulnerability


Aleksandar Nikolic and Emmanuel Tacheau of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Kakadu Software’s SDK contains an exploitable heap overflow. Kakadu serves as a framework for developers to create a variety of commercial and non-commercial applications. An attacker could exploit this vulnerability by tricking the user into opening a specially crafted, malicious jp2 file to cause a heap overflow, which could then allow them to remotely execute code on the server.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Kakadu to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Kakadu Software SDK ATK marker code execution vulnerability (TALOS-2019-0933/CVE-2019-5144)

An exploitable heap underflow vulnerability exists in the `derive_taps_and_gains` function in `kdu_v7ar.dll` of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that Kakadu Software SDK 7.10.2 running on Windows is affected by this vulnerability.

Coverage

The following SNORT® rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 52020, 52021
