Vulnerability discovered by Aleksandar Nikolic of Cisco Talos
Overview Talos has identified an exploitable out-of-bounds vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library (TALOS-2016-0193/CVE-2016-8332). The JPEG 2000 file format is commonly used for embedding images inside PDF documents. This particular vulnerability could allow an out-of-bound heap write to occur, resulting in heap corruption and lead to arbitrary code execution. Talos has disclosed this vulnerability responsibily to the library maintainers to ensure a patch is available.
Exploitation of this vulnerability is possible if a user were to open a file containing a specifically crafted JPEG 2000 image that exploits this flaw. Examples where this could be achieved would be in an email attack, where a user opens an attachment in a spam/phishing email, or in a hosted content scenario where a user downloads a file from Google Drive or Dropbox.
Coverage Talos has released rules that detect attempts to exploit this vulnerability to protect our customers. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.
Snort Rules: 40314-40315
For further zero day or vulnerability reports and information visit: