CVE-2016-10504

MEDIUM

OpenJPEG < 2.2.0 - Heap-Based Buffer Overflow in opj_mqc_byteout

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-10504. PoCs published by Ke Liu.

AI-analyzed exploit summary This exploit demonstrates a heap-buffer-overflow vulnerability in OpenJPEG's `opj_mqc_byteout` function, triggered by a malformed BMP file. The PoC causes an out-of-bounds write during compression, leading to a crash.

Description

Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.

Exploits (1)

exploitdb WORKING POC

by Ke Liu · textdoslinux

https://www.exploit-db.com/exploits/42600

View Code ZIP pw:eip

This exploit demonstrates a heap-buffer-overflow vulnerability in OpenJPEG's `opj_mqc_byteout` function, triggered by a malformed BMP file. The PoC causes an out-of-bounds write during compression, leading to a crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: OpenJPEG (Master version, commit 805972f, 2016/09/12)

No auth needed

Prerequisites: A malformed BMP file to trigger the vulnerability

MITRE ATT&CK