6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.016 Low
EPSS
Percentile
86.0%
Special crafted jpeg files lead to stack smashing and lead to at least
a dos (maybe remote due to imagick).
The Huffman encoder’s local buffer can be overrun when a buffered
destination manager is being used and an extremely-high-frequency block
(basically junk image data) is being encoded.
Even though the Huffman local buffer was increased from 128 bytes to 136
bytes to address the previous issue, the new issue caused even the
larger buffer to be overrun. Further analysis reveals that, in the
absolute worst case (such as setting alternating AC coefficients to
32767 and -32768 in the JPEG scanning order), the Huffman encoder can
produce encoded blocks that approach double the size of the unencoded
blocks. Thus, the Huffman local buffer was increased to 256 bytes, which
should prevent any such issue from re-occurring in the future.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
any | any | any | libjpeg-turbo | < 1.3.1-3 | UNKNOWN |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.016 Low
EPSS
Percentile
86.0%