The Data Compression News Blog

All about the most recent compression techniques, algorithms, patents, products, tools and events.

Apple ImageIO Buffer Overflow in Processing JPEG2000 Images

Posted by Sachin Garg on 2nd October 2006 | Permanent Link

Mac OS X 10.4.8 Update and Security Update 2006-006 fix a buffer overflow bug which could be used to execute arbitrary code simply by viewing a maliciously crafted JPEG2000 image.

More details on the bug are not available, at least not yet. The CVE ID for this vulnerability is CVE-2006-4391, just in case you want to try to find details later (SecurityTracker Alert ID: 1016953).

Security issues arising from how applications handle compressed files (or, for that matter, any file) are not new, and almost all major compressed formats have seen such issues. While there isn’t much that can be done when designing the formats, a little consideration given to the possibility of such cases can help a lot in the long run.

Developers of applications or core libraries which handle such file formats definitely need to be more careful. Last year, when we saw such issues in the more widely deployed GIF and JPEG formats, iDefense, a security intelligence company, in conjunction with Black Hat, made available tools that let researchers automate the discovery of file format vulnerabilities.

Prevention is of course better than cure.
