Skip to main content

Libjpeg Turbo CVE-2023-2804

MEDIUM
Heap-based Buffer Overflow (CWE-122)
2023-05-25 secalert@redhat.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 25, 2023 - 22:15 nvd
MEDIUM 6.5

DescriptionNVD

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.

AnalysisAI

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-122. A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash. Affected products include: Libjpeg-Turbo.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-9614 HIGH POC
8.8 Jul 27

The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service

CVE-2020-13790 HIGH POC
8.1 Jun 03

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PP

CVE-2017-15232 MEDIUM POC
6.5 Oct 11

libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. Rated medium sev

CVE-2018-19664 MEDIUM POC
6.5 Nov 29

libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpe

CVE-2019-13960 MEDIUM POC
5.5 Jul 18

In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image cont

CVE-2012-2806 HIGH
8.8 Aug 13

Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause

CVE-2016-3616 HIGH
8.8 Feb 13

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and applicat

CVE-2018-20330 HIGH
8.8 Dec 21

The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via

CVE-2014-9092 MEDIUM
6.5 Oct 10

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related

CVE-2021-20205 MEDIUM
6.5 Mar 10

Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero w

CVE-2018-1152 MEDIUM
6.5 Jun 18

libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a cra

CVE-2013-6629 MEDIUM
5.0 Nov 19

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome befor

Share

CVE-2023-2804 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy