EH-Net

I am testing an application which takes image files (jpeg) as input.

I was thinking of ways to break the application using image files ...
I have been searching on the lines of giving the application a corrupt
image file ... there are posts about buffer overflow using jpeg
files ...

Anyone here has some experience on this ? would like to have some
pointers on this topic

First I admit I have no experience regarding this.
Am assuming it is a desktop application that takes in JPEG images and either renders or process the JPEG file.
First if it is an existing desktop application look for exploits in the wild already.
If it is a new application and you got the source, try static code auditing, else if you dont have the source, then fuzzing might reveal bugs in the application.
Here is a jpeg fuzzer.
http://www.securiteam.com/tools/6P00B1FNFM.html

What kind of application? Web app, client app, mobile app...

Don

If it's a Web Application, the content of the JPEG files will most likely not matter except if the application reads and parses the input somehow in a vulnerable way.

There are of course, usually other vulnerabilities included with file uploading formulas where it is occasionally possible to upload php files with a simple %00 byte added to the end of the filename.

If it's a client application aka a real program, use the jpeg fuzzer dante recommended or create your own fuzzer  :)

How do you know it accepts JPEGs? Can you do something like

  ?

If you are authorized, try to upload several variants of files and proxy the application's response. Look for subtleties.

It may be suspectible to parameter tampering. In PHP, it would be something like
If it's not validating your upload parameter, try some fuzzing; for example, /../../  or  command injection.