Cl3Nn0

**Name of the Vulnerable Software and Affected Versions** libjpeg-turbo (affected versions not specified) **Description** A heap-based buffer overflow issue was discovered in the `h2v2 merged upsample internal()` function of the `jdmrgext.c` file. The issue can only be exploited with 12-bit data precision when the range of the sample data type exceeds the valid sample range. An attacker could craft a 12-bit lossless JPEG image containing out-of-range 12-bit samples, leading to a segmentation fault or buffer overflow when an application attempts to decompress the image using merged upsampling, causing the application to crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.