CVE-2016-3616NULL Pointer Dereference in Libjpeg-turbo

CWE-476NULL Pointer Dereference13 documents7 sources
Severity
8.8HIGHNVD
EPSS
1.4%
top 19.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Libjpeg-turboDebian Libjpeg-turboDebian Libjpeg6b+4 more
Timeline
PublishedFeb 13
Latest updateMay 14

Description

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

debiandebian/libjpeg9< libjpeg-turbo 1:1.4.2-1 (bookworm)
debiandebian/libjpeg6b< libjpeg-turbo 1:1.4.2-1 (bookworm)
debiandebian/libjpeg-turbo< libjpeg-turbo 1:1.4.2-1 (bookworm)
Debianlibjpeg-turbo/libjpeg-turbo< 1:1.4.2-1+3

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.4

🔴Vulnerability Details

3
GHSA
GHSA-pj5x-cj5m-45mx: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrar2022-05-14
OSV
libjpeg9 vulnerabilities2022-03-23
OSV
CVE-2016-3616: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrar2017-02-13

📋Vendor Advisories

5
Ubuntu
libjpeg9 vulnerabilities2022-03-23
Ubuntu
libjpeg-turbo vulnerabilities2018-07-10
Ubuntu
libjpeg-turbo vulnerabilities2018-07-09
Red Hat
libjpeg: null pointer dereference in cjpeg2016-03-30
Debian
CVE-2016-3616: libjpeg-turbo - The cjpeg utility in libjpeg allows remote attackers to cause a denial of servic...2016

💬Community

4
Bugzilla
CVE-2016-3616 libjpeg-turbo: libjpeg: null pointer dereference in cjpeg [fedora-all]2016-03-30
Bugzilla
CVE-2016-3616 mingw-libjpeg-turbo: libjpeg: null pointer dereference in cjpeg [fedora-all]2016-03-30
Bugzilla
CVE-2016-3616 libjpeg: null pointer dereference in cjpeg2016-03-21
Bugzilla
null pointer dereference in libjpeg library in cjpeg2016-03-17
CVE-2016-3616 — NULL Pointer Dereference | cvebase