CVE-2023-2804
Summary
| CVE | CVE-2023-2804 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-05-25 22:15:00 UTC |
| Updated | 2023-08-17 19:26:00 UTC |
| Description | A heap-based buffer overflow issue was discovered in libjpeg-turbo in the h2v2_merged_upsample_internal() function of the jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision, for which the range of the sample data type exceeds the valid sample range; hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such an image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Heap Buffer Overflow in /libjpeg-turbo/jquant2.c:224 at prescan_quantize() (SIGSEGV) · Issue #668 · libjpeg-turbo/libjpeg-turbo · GitHub | MISC | github.com | |
| cve-details | MISC | access.redhat.com | |
| heap-buffer-overflow at /libjpeg-turbo/jdmrgext.c:126 in h2v2_merged_upsample_internal() (SIGSEGV) · Issue #675 · libjpeg-turbo/libjpeg-turbo · GitHub | MISC | github.com | |
| Lossless decomp: Range-limit 12-bit samples · libjpeg-turbo/libjpeg-turbo@9f756bc · GitHub | MISC | github.com | |
| 2208447 – (CVE-2023-2804) CVE-2023-2804 libjpeg-turbo: heap-buffer-overflow in h2v2_merged_upsample_internal() at /libjpeg-turbo/jdmrgext.c | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 503114 Alpine Linux Security Update for libjpeg-turbo
- 505884 Alpine Linux Security Update for libjpeg-turbo