PT-2017-4056 · Libjpeg Turbo+3 · Libjpeg-Turbo+3

Published

2013-12-26

·

Updated

2024-06-15

·

CVE-2014-9092

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions libjpeg-turbo versions prior to 1.3.1
Description The issue allows remote attackers to cause a denial of service, resulting in a crash, by exploiting a buffer data boundary operation error. This can be achieved through a crafted JPEG file, specifically related to the Exif marker.
Recommendations For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of libjpeg-turbo until a patch is applied. Avoid using libjpeg-turbo to process untrusted JPEG files until the issue is resolved.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2013-1324
BDU:2021-01288
CVE-2014-9092
MGASA-2014-0544
OPENSUSE-SU-2024:10357-1
SUSE-SU-2015_0029-1
USN-3706-1
USN-3706-2

Affected Products

Alt Linux
Suse
Ubuntu
Libjpeg-Turbo