CVE-2012-2806
published 2012-08-13
Priority P3 · 42 · high · 8.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 4.76% (90.8th percentile)
Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d.r.commander | libjpeg-turbo | — | — |
| debian | libjpeg-turbo | — | — |
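CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_debian | — | 8.8 | LOW | — |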
GHSA
GHSA-hh76-h9xr-wpjv: Heap-based buffer overflow in the get_sos function in jdmarker
ghsa_unreviewed·2022-05-17
CVE-2012-2806 [MEDIUM] CWE-119 GHSA-hh76-h9xr-wpjv: Heap-based buffer overflow in the get_sos function in jdmarker
Debian
CVE-2012-2806: libjpeg-turbo - Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turb...
vendor_debian·2012·CVSS 8.8
CVE-2012-2806 [HIGH] CVE-2012-2806: libjpeg-turbo - Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turb...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-2806 libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images [fedora-all]
bugzilla·2012-07-17·CVSS 8.8
CVE-2012-2806 [HIGH] CVE-2012-2806 libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject
Bugzilla
CVE-2012-2806 libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images
bugzilla·2012-05-31·CVSS 8.8
CVE-2012-2806 [HIGH] CVE-2012-2806 libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images
A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
Patch:
http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830
References:
http://code.google.com/p/chromium/issues/detail?id=130240
https://bugzilla.mozilla.org/show_bug.cgi?id=759802
Discussion:
Acknowledgements:
Red Hat would like to thank Chris Evans of the Google Securit
Bugzilla
Null-pointer execution/null out of bounds write at libjpeg/jdmarker.c
bugzilla·2012-05-30
[MEDIUM] Null-pointer execution/null out of bounds write at libjpeg/jdmarker.c
Created attachment 628366
Repro-file
Repro-file as attachment.
Crash-report:
https://crash-stats.mozilla.com/report/index/bp-7fbc775d-2fc4-46ff-9af8-b8a0f2120530
This issue seems to affect also Google Chrome and I have already reported it to Google. They have given me permission to report it also for Mozilla.
Discussion:
Also the guys at Google would like to know, is your embedded libjpeg the turbo variety or plain variety and if so which version, 6 or 8?
---
Comment on attachment 628366
Repro-file
It's way too easy to crash Firefox when we load this image.
---
We use jpeg-turbo in Firefox, version v1.2.0.
---
> This issue seems to affect also Google Chrome and I have already reported it to Google.
Is ther
References
http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830
http://osvdb.org/84040
http://secunia.com/advisories/49883
http://secunia.com/advisories/50753
http://security.gentoo.org/glsa/glsa-201209-13.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2012:121
http://www.openwall.com/lists/oss-security/2012/07/17/3
http://www.securityfocus.com/bid/54480
https://bugzilla.mozilla.org/show_bug.cgi?id=759802
https://bugzilla.redhat.com/show_bug.cgi?id=826849
https://exchange.xforce.ibmcloud.com/vulnerabilities/76952
Published: 2012-08-13