CVE-2014-9092 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libjpeg-turbo

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

1.9%

top 16.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libjpeg-turbo Debian Libjpeg-turbo Canonical Ubuntu Linux +1 more

Timeline

PublishedOct 10

Latest updateMay 14

Description

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/libjpeg-turbo< libjpeg-turbo 1:1.3.1-11 (bookworm)

▶Debianlibjpeg-turbo/libjpeg-turbo< 1:1.3.1-11+3

▶NVDlibjpeg-turbo/libjpeg-turbo1.2.90

Also affects: Fedora 20, 21, Ubuntu Linux 12.04, 14.04, 14.10

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-c37w-643x-858q: libjpeg-turbo before 1↗2022-05-14

▶

OSV

CVE-2014-9092: libjpeg-turbo before 1↗2017-10-10

▶

📋Vendor Advisories

Ubuntu

libjpeg-turbo vulnerabilities↗2018-07-10

▶

Ubuntu

libjpeg-turbo vulnerabilities↗2018-07-09

▶

Red Hat

libjpeg-turbo: denial of service via specially-crafted JPEG file↗2014-10-26

▶

Debian

CVE-2014-9092: libjpeg-turbo - libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service ...↗2014

▶

💬Community

Bugzilla

CVE-2014-9092 libjpeg-turbo: denial of service via specially-crafted JPEG file↗2014-12-02

▶

Bugzilla

CVE-2014-9092 mingw-libjpeg-turbo: libjpeg-turbo: denial of service via specially-crafted JPEG file [epel-7]↗2014-12-02

▶

Bugzilla

CVE-2014-9092 mingw-libjpeg-turbo: libjpeg-turbo: denial of service via specially-crafted JPEG file [fedora-all]↗2014-12-02

▶

Bugzilla

CVE-2014-9092 libjpeg-turbo: denial of service via specially-crafted JPEG file [fedora-all]↗2014-12-02

▶