Skip to main content

Libjpeg CVE-2022-32978

MEDIUM
Reachable Assertion (CWE-617)
2022-06-10 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 10, 2022 - 15:15 nvd
MEDIUM 6.5

DescriptionNVD

There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan.

AnalysisAI

There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-617. There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. Affected products include: Jpeg Libjpeg. Version information: before 1.64.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-37768 HIGH POC
7.5 Aug 18

libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer. Rated high seve

CVE-2020-14153 HIGH POC
7.1 Jun 15

In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers

CVE-2023-37837 MEDIUM POC
6.5 Jul 13

libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebit

CVE-2023-37836 MEDIUM POC
6.5 Jul 13

libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. Rat

CVE-2022-37770 MEDIUM POC
6.5 Aug 18

libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.c

CVE-2022-37769 MEDIUM POC
6.5 Aug 18

libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. Rat

CVE-2022-31620 MEDIUM POC
6.5 May 25

In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service

CVE-2021-39520 MEDIUM POC
6.5 Sep 20

An issue was discovered in libjpeg through 2020021. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp

CVE-2021-39519 MEDIUM POC
6.5 Sep 20

An issue was discovered in libjpeg through 2020021. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp

CVE-2021-39518 MEDIUM POC
6.5 Sep 20

An issue was discovered in libjpeg through 2020021. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp

CVE-2021-39517 MEDIUM POC
6.5 Sep 20

An issue was discovered in libjpeg through 2020021. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp

CVE-2021-39516 MEDIUM POC
6.5 Sep 20

An issue was discovered in libjpeg through 2020021. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp

Share

CVE-2022-32978 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy