Vulnerability discovered by Aleksandar Nikolic of Cisco Talos
Overview
Talos has identified an exploitable out-of-bounds vulnerability in the JPEG 2000 image file format parser implemented in the OpenJPEG library (TALOS-2016-0193 / CVE-2016-8332). The JPEG 2000 file format is commonly used for embedding images inside PDF documents. This vulnerability could allow an out-of-bounds heap write, resulting in heap corruption that could lead to arbitrary code execution. Talos has disclosed this vulnerability responsibly to the library maintainers to ensure a patch is available.
Cisco Systems Inc. published this content on 01 October 2016 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 01 October 2016 00:34:02 UTC.
Original document: http://blogs.cisco.com/security/talos/vulnerability-spotlight-jpeg2000
Public permalink: http://www.publicnow.com/view/E9B2F7CE433A09D936B59BB3B41750964078B7DB