Vulnerabilities discovered by Aleksandar Nikolic and Tyler Bohan of Cisco Talos.
Today, Talos is disclosing multiple vulnerabilities that have been identified in the Kakadu JPEG 2000 SDK. The vulnerabilities manifest in a way that could be exploited if a user opens a specially crafted JPEG 2000 file. Talos has coordinated with Kakadu to ensure relevant details regarding the vulnerabilities have been shared. In addition, Talos has developed Snort rules that can detect attempts to exploit these flaws.
Code execution vulnerabilities exist in Kakadu SDK 7.9; they are detailed in the Talos vulnerability reports TALOS-2017-0308 and TALOS-2017-0309. In both cases, a specially crafted JPEG 2000 file read by the program can lead to an out-of-bounds write, causing an exploitable condition. The most likely form of attack would be a social engineering scenario in which a user receives an email containing a malicious JPEG 2000 file that exploits one of these vulnerabilities.
Talos has developed the following Snort rules to detect attempts to exploit these vulnerabilities. Note that these rules are subject to change pending additional vulnerability information. For the most current information, please visit your Firepower Management Center or Snort.org.
Snort Rules: 42179-42180, 42191-42194
For other vulnerabilities Talos has disclosed, please refer to our Vulnerability Report Portal: http://www.talosintelligence.com/vulnerability-reports/
To review our Vulnerability Disclosure Policy, please visit this site: