CVE-2017-9614
libjpeg-turbo 1.5.1 - Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API
** EN DISPUTA ** La función fill_input_buffer en el archivo jdatasrc.c en libjpeg-turbo versión 1.5.1, permite a los atacantes remotos causar una denegación de servicio (acceso a memoria no válido y bloqueo de aplicación) o posiblemente tener otro impacto no especificado por medio de un archivo jpg creado. NOTA: El mantenedor afirma que el problema se debe a un error en el código posterior causado por un mal uso de la API libjpeg.
libjpeg-turbo version 1.5.1 suffers from a denial of service vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-14 CVE Reserved
- 2017-07-26 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-09-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/143518/libjpeg-turbo-1.5.1-Denial-Of-Service.html | Third Party Advisory |
|
| http://seclists.org/fulldisclosure/2017/Jul/66 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/42391 | 2024-08-05 | |
| https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| D.r.commander Search vendor "D.r.commander" | Libjpeg-turbo Search vendor "D.r.commander" for product "Libjpeg-turbo" | 1.5.1 Search vendor "D.r.commander" for product "Libjpeg-turbo" and version "1.5.1" | - |
Affected
| ||||||