CVE-2023-2804

2023-05-2522:15:09

Debian Security Bug Tracker

security-tracker.debian.org

heap-based buffer overflow

libjpeg-turbo

segmentation fault

buffer overflows

unix

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

41.0%

JSON

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.

OSVersionArchitecturePackageVersionFilename
Debian12alllibjpeg-turbo< 1:2.1.5-2libjpeg-turbo_1:2.1.5-2_all.deb
Debian11alllibjpeg-turbo< 1:2.0.6-4libjpeg-turbo_1:2.0.6-4_all.deb
Debian10alllibjpeg-turbo< 1:1.5.2-2+deb10u1libjpeg-turbo_1:1.5.2-2+deb10u1_all.deb
Debian999alllibjpeg-turbo< 1:2.1.5-3libjpeg-turbo_1:2.1.5-3_all.deb
Debian13alllibjpeg-turbo< 1:2.1.5-3libjpeg-turbo_1:2.1.5-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libjpeg-turbo	< 1:2.1.5-2	libjpeg-turbo_1:2.1.5-2_all.deb
Debian	11	all	libjpeg-turbo	< 1:2.0.6-4	libjpeg-turbo_1:2.0.6-4_all.deb
Debian	10	all	libjpeg-turbo	< 1:1.5.2-2+deb10u1	libjpeg-turbo_1:1.5.2-2+deb10u1_all.deb
Debian	999	all	libjpeg-turbo	< 1:2.1.5-3	libjpeg-turbo_1:2.1.5-3_all.deb
Debian	13	all	libjpeg-turbo	< 1:2.1.5-3	libjpeg-turbo_1:2.1.5-3_all.deb