Back to bug 2208447
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| TEJ RATHI | 2023-05-19 06:29:36 UTC | Depends On | 2208448 | |
| TEJ RATHI | 2023-05-19 06:58:02 UTC | CC | | adudiak, bdettelb, caswilli, dffrench, dkuc, fjansen, gzaronik, hbraun, hkataria, jburrell, jkoehler, jwong, kaycoth, kshier, micjohns, mmuzila, nforro, ngough, rgodfrey, rh-spice-bugs, sthirugn, tmeszaro |
| TEJ RATHI | 2023-05-19 07:02:20 UTC | Blocks | 2193322 | |
| TEJ RATHI | 2023-05-19 09:26:22 UTC | Doc Text | | A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash. |
| TEJ RATHI | 2023-05-19 10:44:46 UTC | Comment | 0 | updated |
| TEJ RATHI | 2023-05-19 10:57:44 UTC | Comment | 2 | updated |
| TEJ RATHI | 2023-05-19 11:00:44 UTC | Fixed In Version | libjpeg-turbo 3.0-beta2 | |
| Paige Jung | 2023-05-19 15:11:29 UTC | CC | adudiak, jwong | |
| | | CC | hbraun | |
| | | CC | jkoehler | |
| | | Doc Text | A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash. | A heap-based buffer overflow issue was found in libjpeg-turbo in the h2v2_merged_upsample_internal() function in the jdmrgext.c file. This issue can only be used with 12-bit data precision for which the range of the sample data type exceeds the valid sample range. This could allow an attacker to craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such an image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash. |
| Red Hat Bugzilla | 2023-07-07 08:30:20 UTC | Assignee | security-response-team | nobody |
| DRC | 2023-07-11 15:27:08 UTC | CC | dcommander |