Researchers at Cisco Talos have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser of the OpenJpeg library, which can allow hackers to remotely execute arbitrary code on the affected system.
Warning! You Can Be Hacked Just By Opening “JPEG 2000” Image
JPEG 2000 is mostly used for embedding images in PDF documents, and the OpenJpeg library is used by a number of popular PDF renderers, which makes PDF documents a likely attack vector.
The zero-day flaw was recently discovered by Aleksandar Nikolic of the Cisco Talos group, and it could allow arbitrary code execution.
Talos Intelligence stated that “An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution.”
“For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.”
As Cisco Talos mentioned, the target user needs to open a malicious JPEG 2000 file. Hackers can easily trick the victim by sending an email that contains the malicious JPEG 2000 file, or by sharing it through other channels such as Dropbox, Google Drive or any other cloud storage service.
Security researchers at Cisco Talos stated that “The vulnerability lies in opj_j2k_read_mcc_record function in src/lib/openjp2/j2k.c file which is responsible for parsing MCC records.” Researchers at Cisco Talos disclosed this flaw to the vendor, OpenJPEG, on July 26. The company patched the flaw last week.
Security researchers at Cisco Talos also successfully tested the vulnerability in OpenJpeg openjp2 version 2.1.1. Further details about the vulnerability can be found on the Talos Intelligence website.
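Because the flaw sits in the MCC record parser and PDF attachments are the likely delivery route, a mail or file gateway can triage incoming files for embedded JPEG 2000 data that carries MCC segments. The sketch below is an added example, not code from Talos or OpenJPEG: it counts `/JPXDecode` filters, finds JPEG 2000 codestreams in the raw bytes and walks each main header for the MCC marker. The marker codes and segment layout come from the JPEG 2000 standard rather than from this article, and treating any MCC segment as a reason for review is an assumption; the scan does not cover tile-part headers or streams hidden behind PDF encryption or additional filters.

```python
import struct

JP2_SIGNATURE = b"\x00\x00\x00\x0cjP  \r\n\x87\n"  # JP2 container signature box
SOC_SIZ = b"\xff\x4f\xff\x51"  # start of a codestream: SOC marker followed by SIZ
SIZ, MCC, SOT, SOD = 0xFF51, 0xFF75, 0xFF90, 0xFF93  # JPEG 2000 marker codes

def main_header_markers(data, soc_offset):
    """Return the marker codes found in the main header that starts at soc_offset."""
    markers, pos = [], soc_offset + 2  # SOC itself carries no length field
    while pos + 4 <= len(data):
        marker, length = struct.unpack_from(">HH", data, pos)
        if marker in (SOT, SOD) or marker < 0xFF00 or length < 2:
            break  # end of main header, or not a well-formed marker segment
        markers.append(marker)
        pos += 2 + length  # length counts its own two bytes but not the marker
    return markers

def triage(data):
    """Summarise JPEG 2000 content in a file; 'review' is True if an MCC segment is seen."""
    report = {"is_pdf": b"%PDF-" in data[:1024], "is_jp2": data.startswith(JP2_SIGNATURE),
              "jpx_filters": data.count(b"/JPXDecode"), "codestreams": []}
    pos = data.find(SOC_SIZ)
    while pos != -1:
        has_mcc = MCC in main_header_markers(data, pos)
        report["codestreams"].append({"offset": pos, "has_mcc": has_mcc})
        pos = data.find(SOC_SIZ, pos + 1)
    report["review"] = any(c["has_mcc"] for c in report["codestreams"])
    return report

# Constructed sample input: zero-filled placeholder segments, not a decodable image.
def _segment(marker, payload):
    return struct.pack(">HH", marker, len(payload) + 2) + payload

def sample_pdf(with_mcc):
    stream = b"\xff\x4f" + _segment(SIZ, bytes(39))
    if with_mcc:
        stream += _segment(MCC, bytes(5))
    stream += _segment(SOT, bytes(8))
    return (b"%PDF-1.5\n1 0 obj\n<< /Subtype /Image /Filter /JPXDecode >>\nstream\n"
            + stream + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    for flag in (True, False):
        print(triage(sample_pdf(flag)))
```

A flagged file is only a candidate for closer inspection or for rendering in a patched, sandboxed viewer; the presence of an MCC segment does not by itself show that the file is malicious.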