DRC

6 exploits Active since Jun 2018
CVE-2018-1152 WRITEUP MEDIUM WRITEUP
libjpeg-turbo 1.5.90 - DoS
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
CVSS 6.5
CVE-2018-14498 WRITEUP MEDIUM WRITEUP
libjpeg-turbo <1.5.90, MozJPEG <3.3.1 - DoS
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
CVSS 6.5
CVE-2019-15683 WRITEUP CRITICAL WRITEUP
Turbovnc < 2.2.3 - Out-of-Bounds Write
TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via network connectivity. To exploit this vulnerability authorization on server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e.
CVSS 9.8
CVE-2020-13790 WRITEUP HIGH WRITEUP
Libjpeg-turbo - Out-of-Bounds Read
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
CVSS 8.1
CVE-2020-35538 WRITEUP MEDIUM WRITEUP
Libjpeg-turbo - NULL Pointer Dereference
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
CVSS 5.5
CVE-2023-2804 WRITEUP MEDIUM WRITEUP
libjpeg-turbo - Buffer Overflow
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.
CVSS 6.5