CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.

Hi,  
I found a segmentation fault in current master, and I also reproduced it on latest released version 2.5.0.

Crash Summary：  
A issues of freeing uninitialized pointer exist in src/bin/jp2/opj\_decompress.c:1795 in main, it can lead to a segmentation fault via the POC provided below

Crash Analysis：

1.  run command: ./opj\_decompress -ImgDir input -OutFor BMP
2.  If there are lots of files in the imgdir directory, that will cause memory malloc failure  
    ![1](https://user-images.githubusercontent.com/20721416/125420336-c2770ff4-1c20-4b5b-bdcd-7d905dfbe579.png)
3.  Then, since the pointer dirptr->filename is not initialized, free(dirptr->filename) is failed  
    ![2](https://user-images.githubusercontent.com/20721416/125420358-59256754-2b7f-4a17-8a19-34a3789e8cf2.png)

GDB debugging results：  
![3](https://user-images.githubusercontent.com/20721416/125420553-34b11a86-e7d0-4680-92a0-47206e4f9173.png)

poc.zip

CVE-2022-1122: Exist a issues of freeing uninitialized pointer in src/bin/jp2/opj_decompress.c，that will cause a segfault · Issue #1368 · uclouvain/openjpeg

Headline

CVE-2022-1122: Exist a issues of freeing uninitialized pointer in src/bin/jp2/opj_decompress.c，that will cause a segfault · Issue #1368 · uclouvain/openjpeg

CVE: Latest News