Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-2804

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.

Published

2023-05-25T22:15:09.443

Last Modified

2025-01-16T16:15:29.043

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-122
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libjpeg-turbo	libjpeg-turbo	2.1.90	Yes

References

https://access.redhat.com/security/cve/CVE-2023-2804 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2208447 Issue Tracking, Patch ([email protected])
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021 Patch ([email protected])
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118 Exploit, Issue Tracking, Patch ([email protected])
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675 Exploit, Issue Tracking, Patch ([email protected])
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html ([email protected])
https://access.redhat.com/security/cve/CVE-2023-2804 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2208447 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118 Exploit, Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675 Exploit, Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html (af854a3a-2127-422b-91ae-364da2661108)