DRC

6 exploits Active since Jun 2018
CVE-2018-1152 WRITEUP MEDIUM WRITEUP
libjpeg-turbo 1.5.90 - Denial of Service via Crafted BMP Image
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
CVSS 6.5
CVE-2018-14498 WRITEUP MEDIUM WRITEUP
libjpeg-turbo <1.5.90, MozJPEG <3.3.1 - DoS
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
CVSS 6.5
CVE-2019-15683 WRITEUP CRITICAL WRITEUP
TurboVNC < 2.2.3 - Authenticated Stack-based Buffer Overflow
TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via network connectivity. To exploit this vulnerability authorization on server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e.
CVSS 9.8
CVE-2020-13790 WRITEUP HIGH WRITEUP
libjpeg-turbo 2.0.4 and mozjpeg 4.0.0 - Heap-Based Buffer Over-Read in get_rgb_row
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
CVSS 8.1
CVE-2020-35538 WRITEUP MEDIUM WRITEUP
libjpeg-turbo - Null Pointer Dereference in jcopy_sample_rows()
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
CVSS 5.5
CVE-2023-2804 WRITEUP MEDIUM WRITEUP
libjpeg-turbo - Heap-based Buffer Overflow in h2v2_merged_upsample_internal
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.
CVSS 6.5