CVE-2006-3005 — Media-libs Jpeg vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 32.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gentoo Media-libs Jpeg Debian Libjpeg6b

Timeline

PublishedJun 13

Latest updateMay 1

Description

The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDgentoo/media-libs_jpeg6b

▶debiandebian/libjpeg6b

Patches

Patch: secunia.com ↗Patch: www.gentoo.org ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-m5m4-crpf-fpj8: The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers t↗2022-05-01

▶

📋Vendor Advisories

Debian

CVE-2006-3005: libjpeg6b - The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built withou...↗2006

▶

Red Hat

CVE-2006-3005: The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers t↗

▶