CVE-2012-2806

Name of the Vulnerable Software and Affected Versions libjpeg-turbo versions 1.2.0 through 1.2.0

Description The issue is related to a heap-based buffer overflow in the get sos function in jdmarker.c, which can be triggered by a large component count in the header of a JPEG image. This can cause a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. The exploitation of this issue can be done remotely.

Recommendations For libjpeg-turbo version 1.2.0, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of JPEG images with large component counts in the header until a patch is available.