Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OOM in opj_decompress #1476

Closed
LOURC0D3 opened this issue Aug 5, 2023 · 1 comment
Closed

OOM in opj_decompress #1476

LOURC0D3 opened this issue Aug 5, 2023 · 1 comment

Comments

@LOURC0D3
Copy link

LOURC0D3 commented Aug 5, 2023

Expected behavior and actual behavior.

If an attacker inputs a maliciously crafted file to opj_decompress, opj_decompress will consume RAM until exhausted.

dmesg log

oom
[19395.257621] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/user.slice/user-1001.slice/[email protected]/app.slice/app-org.gnome.Terminal.slice/vte-spawn-bfb74d30-24d2-42e9-a6c7-66ba9ccba97e.scope,task=opj_decompress,pid=332886,uid=1001
[19395.257635] Out of memory: Killed process 332886 (opj_decompress) total-vm:21477025544kB, anon-rss:7378548kB, file-rss:0kB, shmem-rss:0kB, UID:1001 pgtables:19316kB oom_score_adj:0

poc video

crash.mov

Steps to reproduce the problem.

  • build option
mkdir build && cd build
cmake .. 
make -j `nproc`
  • run command
opj_decompress -i crash.j2k -o test.pgm

Operating system

Ubuntu 22.04.2 LTS

os

openjpeg version

git show opj_decompress -h
@LOURC0D3
Copy link
Author

LOURC0D3 commented Aug 5, 2023

It seems to be the same as issue #1471 .
Close this issue.

@LOURC0D3 LOURC0D3 closed this as not planned Won't fix, can't repro, duplicate, stale Aug 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant