Name of the Vulnerable Software and Affected Versions TurboJPEG versions prior to 2.0.2

Description The issue involves several security vulnerabilities in the TurboJPEG library, including a signed integer overflow and subsequent segfault when decompressing images with more than 715827882 pixels using the 64-bit C version. There is also an out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes() when decompressing grayscale JPEG images with a sampling factor other than 1. A regression introduced by version 2.0.2 caused the TurboJPEG API to incorrectly identify some JPEG images with unusual sampling factors, leading to a buffer overflow. Additionally, a specially-crafted malformed JPEG image could cause the Huffman encoder's local buffer to be overrun.

Recommendations For TurboJPEG versions prior to 2.0.2, update to version 2.0.2 or later to resolve the security vulnerabilities. As a temporary workaround, consider disabling the tjDecompressToYUV2() and tjDecompressToYUVPlanes() functions until a patch is available. Restrict access to the TurboJPEG API to minimize the risk of exploitation. Avoid using the TurboJPEG library to decompress images with more than 715827882 pixels or grayscale JPEG images with a sampling factor other than 1 until the issue is resolved.