Beware! You Can Get Hacked Just by Opening a 'JPEG 2000' Image
Oct 04, 2016
Researchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library , which could allow an attacker to remotely execute arbitrary code on the affected systems. Discovered by security researchers at Cisco Talos group, the zero-day flaw, assigned as TALOS-2016-0193/ CVE-2016-8332 , could allow an out-of-bound heap write to occur that triggers the heap corruption and leads to arbitrary code execution. OpenJPEG is an open-source JPEG 2000 codec. Written in C language, the software was developed for coding and encoding JPEG2000 images, a format that is often used for tasks like embedding image files within PDF documents through popular software including PdFium, Poppler, and MuPDF. Hackers can exploit the security vulnerability by tricking the victim into opening a specially crafted, malicious JPEG2000 image or a PDF document containing that malicious file in an email. The hacker could even upload the malicious JP...
