CVE-2023-2804

Name of the Vulnerable Software and Affected Versions libjpeg-turbo (affected versions not specified)

Description A heap-based buffer overflow issue was discovered in the h2v2 merged upsample internal() function of the jdmrgext.c file. The issue can only be exploited with 12-bit data precision when the range of the sample data type exceeds the valid sample range. An attacker could craft a 12-bit lossless JPEG image containing out-of-range 12-bit samples, leading to a segmentation fault or buffer overflow when an application attempts to decompress the image using merged upsampling, causing the application to crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.