6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
41.2%
A heap-based buffer overflow issue was discovered in libjpeg-turbo in
h2v2_merged_upsample_internal() function of jdmrgext.c file. The
vulnerability can only be exploited with 12-bit data precision for which
the range of the sample data type exceeds the valid sample range, hence, an
attacker could craft a 12-bit lossless JPEG image that contains
out-of-range 12-bit samples. An application attempting to decompress such
image using merged upsampling would lead to segmentation fault or buffer
overflows, causing an application to crash.
Author | Note |
---|---|
jdstrand | libjpeg-turbo is a fork of libjpeg8 |
mdeslaur | the libjpeg package is an unrelated codebase lossless support was added in libjpeg-tubo here: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2e8360e061939e6e2d5be4f0ca68cc47c339e601 |