CVE-2019-13960

Published: Jul 18, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes

Affected (1)

Products: Libjpeg Turbo: Libjpeg Turbo

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libjpeg Turbo Libjpeg Turbo	Version 2.0.2

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337

Source: cve@mitre.org

ExploitThird Party Advisory

https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf

Source: cve@mitre.org

ExploitPatchVendor Advisory

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

Timeline

No history available yet.