PT-2019-13496 · Libjpeg Turbo+1 · Libjpeg-Turbo+1
Published: 2019-07-18 · Updated: 2024-08-05 · CVE-2019-13960
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
libjpeg-turbo version 2.0.2
Description
The issue arises when processing an invalid progressive JPEG image with incorrect width and height values in the image header, potentially leading to a large amount of memory usage. This could result in a denial of service. The vendor suggests that applications should interpret libjpeg warnings as fatal errors, aborting decompression, and/or set limits on resource consumption or image sizes to mitigate this issue.
Recommendations
For libjpeg-turbo version 2.0.2, consider setting limits on resource consumption or image sizes to prevent excessive memory usage. Additionally, applications should be configured to interpret libjpeg warnings as fatal errors, aborting decompression when such warnings occur.
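One way to enforce the image-size limit before decompression, as an added example that is not code from libjpeg-turbo or from this advisory: a stand-alone check that reads the declared width and height from the JPEG frame header and rejects oversized images. The function name, the limit values and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limits (not from the advisory); tune per application. */
#define MAX_DIM    16384u
#define MAX_PIXELS (64u * 1024u * 1024u)
enum jpeg_gate { GATE_OK = 0, GATE_MALFORMED = -1, GATE_TOO_LARGE = -2 };

/* Constructed samples: SOI, a short APP0, then a progressive (SOF2) header. */
static const uint8_t SAMPLE_OK[] = { 0xFF,0xD8, 0xFF,0xE0,0x00,0x04,'J','F',
    0xFF,0xC2,0x00,0x0B,0x08, 0x00,0x40, 0x00,0x80, 0x01,0x01,0x11,0x00 };
static const uint8_t SAMPLE_HUGE[] = { 0xFF,0xD8, 0xFF,0xE0,0x00,0x04,'J','F',
    0xFF,0xC2,0x00,0x0B,0x08, 0xFF,0xFF, 0xFF,0xFF, 0x01,0x01,0x11,0x00 };

/* Walk marker segments up to the first frame header (SOFn) and reject the
 * image if its declared dimensions exceed policy, before any decoder
 * allocates memory for it. A zero dimension is treated as malformed. */
enum jpeg_gate jpeg_size_gate(const uint8_t *buf, size_t len,
                              uint32_t *w, uint32_t *h)
{
    size_t i = 2;
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)        /* no SOI */
        return GATE_MALFORMED;
    while (i + 4 <= len) {
        if (buf[i] != 0xFF) return GATE_MALFORMED;
        uint8_t m = buf[i + 1];
        if (m == 0xFF) { i++; continue; }                   /* fill byte */
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD7)) { i += 2; continue; }
        if (m == 0xD9 || m == 0xDA) return GATE_MALFORMED;  /* EOI/SOS first */
        size_t seglen = ((size_t)buf[i + 2] << 8) | buf[i + 3];
        if (seglen < 2 || seglen > len - i - 2) return GATE_MALFORMED;
        /* SOF0..SOF15, excluding DHT (C4), JPG (C8) and DAC (CC) */
        if (m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC) {
            if (seglen < 8) return GATE_MALFORMED;
            *h = ((uint32_t)buf[i + 5] << 8) | buf[i + 6];
            *w = ((uint32_t)buf[i + 7] << 8) | buf[i + 8];
            if (*w == 0 || *h == 0) return GATE_MALFORMED;
            if (*w > MAX_DIM || *h > MAX_DIM || (uint64_t)*w * *h > MAX_PIXELS)
                return GATE_TOO_LARGE;
            return GATE_OK;
        }
        i += 2 + seglen;                                    /* next segment */
    }
    return GATE_MALFORMED;                                  /* no SOF found */
}

int main(void) {
    uint32_t w = 0, h = 0;
    printf("ok=%d\n", (int)jpeg_size_gate(SAMPLE_OK, sizeof SAMPLE_OK, &w, &h));
    printf("huge=%d\n", (int)jpeg_size_gate(SAMPLE_HUGE, sizeof SAMPLE_HUGE, &w, &h));
    return 0;
}
```

This covers only the size limit. Treating warnings as fatal is done in the decoder itself, where libjpeg's error manager exposes an `emit_message` hook that receives warnings with a negative `msg_level`.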
Exploit
Fix
DoS
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Libjpeg-Turbo