Exploit Report

Computer Security And Bug Information

CVE-2023-2804

CVECVE-2023-2804
CVE Title
Published Date2023-05-25T22:15Z
Modified Date2023-06-01T19:13Z
CWE TypeCWE-787
CVSS 3.xCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
DescriptionA heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.
References
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites.
Reference URLhttps://github.com/libjpeg-turbo/libjpeg-turbo/issues/675
Reference DescriptionMISC https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675
Reference URLhttps://bugzilla.redhat.com/show_bug.cgi?id=2208447
Reference DescriptionMISC https://bugzilla.redhat.com/show_bug.cgi?id=2208447
Reference URLhttps://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118
Reference DescriptionMISC https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118
Reference URLhttps://access.redhat.com/security/cve/CVE-2023-2804
Reference DescriptionMISC https://access.redhat.com/security/cve/CVE-2023-2804
Reference URLhttps://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021
Reference DescriptionMISC https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021
TagsExploit Issue Tracking Patch
Sources NIST MITRE

This site's data is aggregated programmatically and provided "as is" without any representations or warranties, express or implied. Exploit.report is not affiliated with the The MITRE Corporation, U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), or US government in any way. CVE and the CVE logo are registered trademarks of The MITRE Corporation

© 2022 Exploit.Report | Data | Contact | Privacy Policy | Articles