I may have missed something, but it looks to me like this is really a test of ju... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

herodotus on Dec 13, 2018 | parent | context | favorite | on: 50 CVEs in 50 Days: Fuzzing Adobe Reader

I may have missed something, but it looks to me like this is really a test of just the JPEG 2000 part of Acrobat Reader. It is possible that Adobe built this part of the reader by taking some open source implementation of JPEG 2000 (such as the reference implementation), and modding it - probably by changing memory allocation to be consistent with ARs memory model. So it is possible that some or many of the discovered vulnerabilities are in fact part of the JEPG 2000 library, in which case the problem goes beyond Adobe Acrobat.

nwmcsween on Dec 13, 2018 [–]

You missed something, the article says at the end they fuzzed many different parsers not just the jpeg2000 one

herodotus on Dec 13, 2018 | [–]

Ah - thanks

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact