back to article Let's not meet up with JPEG 2000 – researchers find security hole in image codec

Researchers are warning about a newly discovered security vulnerability in a popular open-source JPEG 2000 parser that could let corrupted image files trigger remote code execution. Cisco-owned security firm Talos warns that by embedding a malformed image file into a web page, PDF file, or email message, an attacker could gain …

  1. David 132 Silver badge

    Upvoted for the reference in the head/subhead.

    ...this is hardcore journalism, but I wonder if the common people will get it?

    1. FrogsAndChips Silver badge
      Coat

      Re: Upvoted for the reference in the head/subhead.

      It's clearly aimed at a different class of readers.

  2. Tom Paine
    Pint

    subs

    ...take a beer for that subheadline. Well played.

  3. Robert Carnegie Silver badge

    But

    What happens if a malicious page just puts a JPEG 2000 image in a web page?

    Obviously the vulnerability is only when the vulnerable "OpenJPEG" decoder is used. So does any web browser use it natively? I found a page saying no one was adopting JPEG 2000, but the page is from 2007. Apparently it was or is supported in Safari... the question is how.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like