PT-2023-21344 · Jpegoptim+1 · Jpegoptim+1

Blu3Sh0Rk

Publicado

2023-03-15

Atualizado

2023-04-15

CVE-2023-27781

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions jpegoptim version 1.5.2

Description A heap overflow can occur with crafted JPEG image files, specifically in the optimize function at jpegoptim.c. This issue is related to the processing of JPEG images.

Recommendations For jpegoptim version 1.5.2, consider avoiding the use of the optimize function until a patch is available. As a temporary workaround, restrict the processing of crafted JPEG image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2023-1511

CVE-2023-27781

MGASA-2023-0143

Produtos afetados

Debian

Jpegoptim

PT-2023-21344 · Jpegoptim+1 · Jpegoptim+1

CVE-2023-27781

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 20