CVE-2023-2804
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD
Description
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.
Affected (1)
Products: Libjpeg Turbo: Libjpeg Turbo
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.1.90 |
Related CWEs
CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (12)
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
ExploitIssue TrackingPatch
Source: secalert@redhat.com
ExploitIssue TrackingPatch
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.