PT-2017-4056 · Libjpeg Turbo+3 · Libjpeg-Turbo+3

Publicado

2013-12-26

Atualizado

2024-06-15

CVE-2014-9092

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libjpeg-turbo versions prior to 1.3.1

Description The issue allows remote attackers to cause a denial of service, resulting in a crash, by exploiting a buffer data boundary operation error. This can be achieved through a crafted JPEG file, specifically related to the Exif marker.

Recommendations For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of libjpeg-turbo until a patch is applied. Avoid using libjpeg-turbo to process untrusted JPEG files until the issue is resolved.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2013-1324

BDU:2021-01288

CVE-2014-9092

MGASA-2014-0544

OPENSUSE-SU-2024:10357-1

SUSE-SU-2015_0029-1

USN-3706-1

USN-3706-2

Produtos afetados

Alt Linux

Suse

Ubuntu

Libjpeg-Turbo

PT-2017-4056 · Libjpeg Turbo+3 · Libjpeg-Turbo+3

CVE-2014-9092

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 68