JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
CVE-2018-20622 is a memory leak in the JasPer library that can lead to denial of service (DoS) through memory exhaustion. NVD rates it medium severity, with availability as the only impacted property. Exploitation involves feeding a crafted image file to an application that links the vulnerable library and re-encodes it to JP2, causing memory to be allocated and never released. The risk is highest for long-running services that process image data from untrusted sources, since a single short-lived invocation only leaks until the process exits.
Step 1: Payload Delivery: An attacker crafts an image file that drives the leaking code path. The advisory ties the leak only to JP2 output being selected with "--output-format jp2" and does not describe the crafted input, so it should not be assumed that the input must itself be a JP2 (JPEG 2000) file.
Step 2: File Processing: The victim application uses JasPer 2.0.14 to decode the crafted file and encode the result as JP2. In the bundled jasper command-line tool this is "jasper --input <file> --output <file> --output-format jp2"; an application embedding libjasper reaches the same path when it calls jas_image_encode() with the jp2 format. The processing can be triggered by a user upload, a scheduled conversion job, or any automated pipeline that handles image files.
Step 3: Memory Allocation: While encoding to JP2, the library allocates working buffers through the wrappers in base/jas_malloc.c. Selecting the jp2 output format is what drives the affected path. The CVE names jas_malloc.c because that is where leak detectors attribute the unreleased allocations, not because the missing free is necessarily located in that file.
Step 4: Memory Leak Trigger: Blocks allocated on this path are never freed, so resident memory grows with each processed image. How much is lost per run depends on the crafted input; within one jasper invocation the loss is bounded by process exit, so the practical impact is on processes that convert many files without restarting.
Step 5: Resource Exhaustion: In such a process the leaked memory accumulates until allocation fails or the host's memory limits are hit, after which the application crashes or the system becomes unresponsive.
Step 6: Denial of Service: The result is a denial-of-service condition: the affected service stops handling legitimate requests until it is restarted.
The vulnerability is attributed to base/jas_malloc.c in JasPer 2.0.14 and is reached when an image is encoded with the --output-format jp2 option. Memory obtained through the library's allocation wrappers during the JP2 encoding process is not released on some path, so each affected conversion leaves blocks behind. As described, the defect is a missing release rather than memory corruption, so its impact is limited to availability: memory consumption grows until the process or the host runs out. The fix is to move to a JasPer release newer than 2.0.14. Where upgrading is not immediately possible, run image conversions in short-lived worker processes with an address-space limit (for example RLIMIT_AS via "ulimit -v"), and use the library's memory budget where your build has it (jas_set_max_mem_usage() and the jasper tool's --memory-limit option exist in later 2.0.x releases), so that a leaking conversion fails with an allocation error instead of exhausting the host.
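The following is an added example, not JasPer's own code, illustrating both the leak behaviour described in Steps 4 to 6 and the memory-budget mitigation above. It is a simplified allocator in the style of jas_malloc.c (a size-accounted malloc wrapper with a hard budget) plus a stand-in "encoder" loop, encode_tiles(), that skips the free on every leak_every-th iteration to model a missing release. All names here (budget_malloc, budget_free, encode_tiles) are hypothetical; the real library's counterpart is jas_set_max_mem_usage(), and its internals differ. The point the code shows: without a budget the leak grows with the number of items processed (budget_in_use() after a run is exactly what LeakSanitizer would report as leaked bytes); with a budget the leaking loop fails closed after a bounded amount of memory instead of exhausting the host.

```c
/* Added example, not JasPer code: a memory-accounting allocator with a hard
   budget, and a deliberately leaky work loop that shows how a missing free
   behaves with and without the budget. Single-threaded by assumption, as in
   the jasper CLI. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static size_t g_in_use = 0;   /* bytes currently allocated through budget_malloc */
static size_t g_max_mem = 0;  /* budget in bytes; 0 means unlimited */
static size_t g_failed = 0;   /* allocations refused because of the budget */

void budget_init(size_t max_mem)
{
    g_in_use = 0;
    g_max_mem = max_mem;
    g_failed = 0;
}

/* Allocate with a size header so budget_free can account the release. */
void *budget_malloc(size_t size)
{
    size_t *block;
    if (size > SIZE_MAX - sizeof(size_t))
        return NULL;                         /* header would overflow */
    if (g_max_mem && g_in_use + size > g_max_mem) {
        g_failed++;
        return NULL;                         /* refuse rather than grow unbounded */
    }
    block = malloc(sizeof(size_t) + size);
    if (!block)
        return NULL;
    block[0] = size;
    g_in_use += size;
    return block + 1;
}

void budget_free(void *ptr)
{
    size_t *block;
    if (!ptr)
        return;
    block = (size_t *)ptr - 1;
    g_in_use -= block[0];
    free(block);
}

size_t budget_in_use(void) { return g_in_use; }
size_t budget_failed(void) { return g_failed; }

/* Model of a per-tile encoder step: allocate a scratch buffer, use it, and
   free it on the correct path. leak_every > 0 simulates the bug: every
   leak_every-th tile returns through a path that skips the free.
   Returns the number of tiles processed before allocation failed. */
int encode_tiles(int tiles, size_t tile_bytes, int leak_every)
{
    int done = 0;
    for (int i = 0; i < tiles; i++) {
        unsigned char *scratch = budget_malloc(tile_bytes);
        if (!scratch)
            break;                            /* budget exhausted: fail closed */
        memset(scratch, 0xAB, tile_bytes);    /* stand-in for real work */
        done++;
        if (leak_every > 0 && (i % leak_every) == leak_every - 1)
            continue;                         /* the buggy early return: no free */
        budget_free(scratch);
    }
    return done;
}

int main(void)
{
    /* Unbounded: the leaky loop finishes, but 10 tiles' worth of memory is gone. */
    budget_init(0);
    int done = encode_tiles(100, 1024, 10);
    printf("no budget: %d tiles, %zu bytes leaked\n", done, budget_in_use());

    /* With a 4 KiB budget the same loop stops at tile 40 with one refused
       allocation, leaving at most the budget outstanding. */
    budget_init(4096);
    done = encode_tiles(100, 1024, 10);
    printf("4096-byte budget: %d tiles, %zu bytes outstanding, %zu refused\n",
           done, budget_in_use(), budget_failed());
    return 0;
}
```

The budgeted run is the behaviour a memory limit buys you: the conversion fails with an allocation error that the caller can report, while the process stays well under the host's limits. For the real library, the equivalent is setting the budget once at startup and treating a NULL from the decoder or encoder as a rejected input rather than a fatal condition.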