Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-9614 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libjpeg-turbo

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents5 sources

Severity

8.8HIGHNVD

EPSS

4.3%

top 11.06%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

D.r.commander Libjpeg-turbo

Timeline

PublishedJul 27

Latest updateMay 17

Description

The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDd.r.commander/libjpeg-turbo1.5.1

🔴Vulnerability Details

GHSA

GHSA-2232-3wg2-9j36: The fill_input_buffer function in jdatasrc↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

libjpeg-turbo 1.5.1 - Denial of Service↗2017-07-28

▶

📋Vendor Advisories

Red Hat

libjpeg-turbo: Invalid memory access in the fill_input_buffer function↗2017-07-26

▶

💬Community

Bugzilla

CVE-2017-15232 CVE-2017-9614 libjpeg-turbo: various flaws [fedora-all]↗2017-07-27

▶

Bugzilla

CVE-2017-9614 libjpeg-turbo: Invalid memory access in the fill_input_buffer function↗2017-07-27

▶

Bugzilla

CVE-2017-15232 CVE-2017-9614 mingw-libjpeg-turbo: various flaws [epel-7]↗2017-07-27

▶

Bugzilla

CVE-2017-15232 CVE-2017-9614 mingw-libjpeg-turbo: various flaws [fedora-all]↗2017-07-27

▶