Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2017-9614

Published: July 27, 2017Last modified: November 9, 2023

Description

The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API

Severity score breakdown

ParameterValue
Base score8.8
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlibjpeg-turboNot affected (2.1.4-r0)
Streamlibjpeg-turboNot affected (3.0.0-r1)

References

ON THIS PAGE