Beware Of This Virus ! Your Computer Can Hacked By Just Opening A JPEG Image
As we know JPEG 2000 that is in generally used for inserting portraits into PDF files and the OpenJpeg library is used by a quantity of well known PDF renderers making PDF documents a possible assault vector.
Lately, a zero-day flaw within the JPEG 2000 snapshot layout has been learned by the researchers at Cisco Talos workforce. The zero-day flaw was discovered via Aleksandr Nikolic of Cisco Talos. In step with the sources, the flaw might allow arbitrary code execution.
Talos Intelligence acknowledged that “An exploitable code execution vulnerability exists within the jpeg2000 image file structure parser as applied in the OpenJpeg library. A particularly crafted jpeg2000 file can reason an out of certain heap write leading to heap corruption main to arbitrary code execution.”
“For a successful attack, the target consumer needs to open a malicious jpeg2000 file. The jpeg2000 picture file structure is normally used for embedding portraits inside PDF records and the OpenJpeg library is utilized by a number of general PDF renderers making PDF records a likely attack vector.”
As Cisco Talos stated that target users have got to open a malicious JPEG2000 file. Hackers can simply trick the victim with the aid of sending an electronic mail which comprises the malicious JPEG 2000 file or it may well even feasible with every other methods like Dropbox, Google force or the whole lot that allows cloud storage services.
Security researchers at Cisco Talos mentioned that “The vulnerability lies in opj_j2k_read_mcc_record function in src/lib/openjp2/j2k.C file which is accountable for parsing MCC records.”. Researchers at Cisco Talos have disclosed this flaw to the seller OpenJPEG on July 26. The manufacturer had already patched the flaw final week.
Safety researchers at Cisco Talos had additionally efficaciously tested the vulnerability in OpenJpeg openjp2 2.1.1 models. Extra specified pieces of understanding concerning the vulnerability can be observed on Talos Intelligence website.