CVE-2012-2845

libjpeg <0.6.20 - DoS/Info Disclosure

Title source: llm

Description

Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file.

References (4)

[Product] http://sourceforge.net/mailarchive/message.php?msg_id=29534027

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2012:107

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/54437

[Third Party Advisory] http://secunia.com/advisories/49988

Scores

EPSS 0.0071

EPSS Percentile 72.0%

Classification

CWE

CWE-189

Status draft

Affected Products (1)

curtis_galloway/exif

Timeline

Published Jul 13, 2012

Tracked Since Feb 18, 2026