Key Information Summary

Vulnerability Overview

- Vulnerability Type: Null Pointer Dereference
- Program: jasper (image processing library)
- Crash Type: SIGSEGV (signal 11)
- Version: jasper 2.0.25
- Root Cause: In the function, when processing a maliciously formatted image file with specific command-line options, the function receives a null image pointer and attempts to dereference it, causing an immediate segmentation fault.

Technical Analysis

Trigger Condition: Processing a maliciously formatted image file with BMP output format and color space conversion.

Critical Issue: Access to with a null pointer.

Root Cause Analysis:

1. Image loading failure: The malicious input file causes image loading to fail, returning NULL.
2. Missing validation: The main function does not properly validate the image pointer before passing it to the color space conversion function.
3. Null pointer access: The function attempts to access the field without a null check.
4. Crash: Accessing leads to a crash because is NULL.

Reproducible Code Context

Reproduction Steps

Run the command-line test using a POC file containing malicious data.

Distinction from Assertion Failure Vulnerability

Key Differences:

- Signal: Assertion failure is SIGABRT (6), null pointer dereference is SIGSEGV (11).
- Location: Assertion failure occurs at , null pointer dereference at .
- Function: Assertion failure occurs in , null pointer dereference in .
- Root Cause: Assertion failure is due to an invalid parameter (-1) passed to a math function; null pointer dereference is due to a null pointer passed to an image function.
- Trigger Options: Assertion failure uses , null pointer dereference uses .

Proof of Concept

POC File:

Acknowledgments

Discoverers: Xudong Cao (UCAS), Yuqing Zhang (UCAS, Zhongguancun Laboratory)
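
The pattern in the Root Cause Analysis (a decoder that returns NULL, a caller that does not check it, and a conversion routine that reads a field through the pointer) is shown below next to a hardened form. This is an added example, not JasPer's code or the reporters' code; every type, function name and input format in it is hypothetical.

```c
/* Added illustration: hypothetical types and names, not JasPer's API. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { CS_SRGB = 1, CS_GRAY = 2 };          /* constructed colour space ids */
enum { ERR_DECODE = -1, ERR_ARG = -2 };

typedef struct { int clrspc; } image_t;

/* Decoder: returns NULL for input it cannot parse (step 1). */
image_t *image_decode(const unsigned char *buf, size_t len) {
    if (buf == NULL || len < 4 || memcmp(buf, "IMG", 3) != 0) return NULL;
    if (buf[3] != CS_SRGB && buf[3] != CS_GRAY) return NULL;
    image_t *im = malloc(sizeof *im);
    if (im != NULL) im->clrspc = buf[3];
    return im;
}

/* Vulnerable shape (step 3): reads a field through an unchecked pointer. */
int chclrspc_unchecked(image_t *image, int target) {
    if (image->clrspc != target) image->clrspc = target; /* NULL => SIGSEGV */
    return 0;
}

/* Hardened callee: rejects NULL and unknown targets instead of crashing. */
int chclrspc_checked(image_t *image, int target) {
    if (image == NULL) return ERR_ARG;
    if (target != CS_SRGB && target != CS_GRAY) return ERR_ARG;
    image->clrspc = target;
    return 0;
}

/* Hardened caller (step 2): stop at the failed decode. Returns the
 * resulting colour space id, or a negative error code. */
int convert(const unsigned char *buf, size_t len, int target) {
    image_t *im = image_decode(buf, len);
    if (im == NULL) return ERR_DECODE;
    int rc = chclrspc_checked(im, target);
    int result = (rc == 0) ? im->clrspc : rc;
    free(im);
    return result;
}

int main(void) {
    const unsigned char good[] = { 'I', 'M', 'G', CS_SRGB }; /* constructed */
    const unsigned char bad[]  = { 'B', 'A', 'D', '!' };     /* constructed */
    printf("good: %d\n", convert(good, sizeof good, CS_GRAY));
    printf("bad:  %d\n", convert(bad, sizeof bad, CS_GRAY));
    return 0;
}
```

Checking in both the caller and the callee means a malformed file ends in an error return rather than a signal, even if one of the two checks is later removed.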