Skip to main content

Libjpeg Turbo CVE-2017-15232

MEDIUM
NULL Pointer Dereference (CWE-476)
2017-10-11 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 11, 2017 - 03:29 cve.org
MEDIUM 6.5

DescriptionCVE.org

libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.

AnalysisAI

libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. Affected products include: Libjpeg-Turbo.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2017-9614 HIGH POC
8.8 Jul 27

The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service

CVE-2020-13790 HIGH POC
8.1 Jun 03

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PP

CVE-2023-2804 MEDIUM POC
6.5 May 25

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrge

CVE-2018-19664 MEDIUM POC
6.5 Nov 29

libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpe

CVE-2019-13960 MEDIUM POC
5.5 Jul 18

In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image cont

CVE-2012-2806 HIGH
8.8 Aug 13

Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause

CVE-2016-3616 HIGH
8.8 Feb 13

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and applicat

CVE-2018-20330 HIGH
8.8 Dec 21

The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via

CVE-2014-9092 MEDIUM
6.5 Oct 10

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related

CVE-2021-20205 MEDIUM
6.5 Mar 10

Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero w

CVE-2018-1152 MEDIUM
6.5 Jun 18

libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a cra

CVE-2013-6629 MEDIUM
5.0 Nov 19

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome befor

Share

CVE-2017-15232 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy