CVE-2017-9614

HIGH

libjpeg-turbo 1.5.1 - DoS

Title source: llm

Description

The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API

Exploits (1)

exploitdb WORKING POC

by qflb.wu · textdoslinux

https://www.exploit-db.com/exploits/42391

View Code ZIP pw:eip

References (4)

Core 4

Core References

Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2017/Jul/66

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42391/

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/143518/libjpeg-turbo-1.5.1-Denial-Of-Service.html

Exploit, Issue Tracking, Third Party Advisory x_refsource_misc

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167

Scores

CVSS v3 8.8

EPSS 0.0434

EPSS Percentile 89.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

d.r.commander/libjpeg-turbo 1.5.1

Published Jul 27, 2017

Tracked Since Feb 18, 2026