JasPer JPEG2000 File Handler Use-After-Free Vulnerability in imginfo Utility

Vulnerability

A critical use-after-free vulnerability has been identified in JasPer versions through 4.2.5. This issue occurs in the JPEG2000 file handler, specifically within the 'jpc_dec_dump' function of 'src/libjasper/jpc/jpc_dec.c'. The vulnerability arises when the function processes malformed JPEG2000 images, leading to heap memory being accessed after it has been freed. This memory management error can cause corruption and potentially allow for exploitation. The vulnerability can be reproduced by using the 'imginfo' utility with certain debug levels that trigger the issue.

Impact

Triggering this vulnerability causes a heap-based use-after-free condition, where the program accesses memory that has already been freed. This can lead to memory corruption and program crashes, and may allow arbitrary code execution.

Reproduction

The vulnerability can be reproduced with the 'imginfo' command-line utility included with JasPer. Running the utility with the '--debug-level' option set to 32 or 33554432 on a crafted JPEG2000 file triggers the use-after-free condition. The 'AddressSanitizer' tool can be used to detect the resulting memory corruption, which manifests as a program crash with a report detailing the use-after-free error.
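An added example, not part of the original advisory or the JasPer project: a small triage helper that checks whether an AddressSanitizer report matches the condition described above, that is, a heap-use-after-free whose faulting access stack includes 'jpc_dec_dump'. The sample report is constructed; its addresses, line numbers and every frame other than 'jpc_dec_dump' are placeholders.

```python
import re

# Constructed AddressSanitizer report (not real output): addresses, line
# numbers and every frame other than jpc_dec_dump are placeholders.
SAMPLE_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000000040 at pc 0x000000401233 bp 0x7ffc00000010 sp 0x7ffc00000008
READ of size 8 at 0x603000000040 thread T0
    #0 0x401233 in jpc_dec_dump /build/jasper/src/libjasper/jpc/jpc_dec.c:1:1
    #1 0x401300 in placeholder_caller /build/jasper/placeholder.c:1:1

0x603000000040 is located 0 bytes inside of 24-byte region [0x603000000040,0x603000000058)
freed by thread T0 here:
    #0 0x7f0000000001 in free (/lib/libasan.so+0x1)
    #1 0x401400 in placeholder_release /build/jasper/placeholder.c:2:1
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+)")
FRAME_RE = re.compile(r"^[ \t]*#\d+ 0x[0-9a-f]+ in (\S+)(?: (\S+))?", re.M)


def triage(report, func="jpc_dec_dump"):
    """Classify one ASan report against the advisory's description."""
    result = {"bug_class": None, "access_frames": [], "matches_advisory": False}
    m = ERROR_RE.search(report)
    if not m:
        return result  # not an ASan error report
    result["bug_class"] = m.group(1)
    # The faulting access stack is the first frame block, ending at a blank
    # line; the later "freed by" / "previously allocated by" stacks are
    # excluded so a frame there does not count as the access site.
    access_block = report[m.end():].split("\n\n", 1)[0]
    result["access_frames"] = FRAME_RE.findall(access_block)
    in_access = any(name == func for name, _loc in result["access_frames"])
    result["matches_advisory"] = (
        result["bug_class"] == "heap-use-after-free" and in_access
    )
    return result


if __name__ == "__main__":
    verdict = triage(SAMPLE_REPORT)
    print(verdict["bug_class"], verdict["matches_advisory"])
    for name, loc in verdict["access_frames"]:
        print("  ", name, loc)
```

A report that does not match is still a finding to investigate; the helper only separates crashes consistent with this advisory from other sanitizer errors in a regression or fuzzing run.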

Remediation

Users are advised to update to JasPer version 4.2.8 or later, where this vulnerability has been fixed.

Added: Aug 11, 2025, 8:17 AM
Updated: Aug 11, 2025, 8:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.