Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jpeg vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-37837
libjpeg commit db33a6e exists to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted file.
Jpeg Libjpeg
6.5
CVSSv3
CVE-2022-32978
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg prior to 1.64 via an empty JPEG-LS scan.
Jpeg Libjpeg
6.5
CVSSv3
CVE-2022-31796
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.
Jpeg Libjpeg 1.63
5.5
CVSSv3
CVE-2022-35166
libjpeg commit 842c7ba exists to contain an infinite loop via the component JPEG::ReadInternal.
Jpeg Libjpeg 2022-06-15
NA
CVE-2007-2771
Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote malicious users to execute arbitrary code via a long BitmapDataPath property.
Lead Technologies Leadtools Jpeg 2000 14.5.0.35
1 EDB exploit
NA
CVE-2006-3005
The JPEG library in media-libs/jpeg prior to 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent malicious users to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.
Gentoo Media-libs Jpeg 6b
Gentoo Linux
NA
CVE-2007-4470
Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control prior to 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in prior to 8.1, allow remote malicious users to execute arbitrary code via unspecified vectors.
Er Mapper Image Web Server Ecw Jpeg 2000 Plug-in
NA
CVE-2004-0200
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote malicious users to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length ...
Microsoft .net Framework 1.0
Microsoft Frontpage 2003
Microsoft Greetings 2002
Microsoft Picture It 2002
Microsoft Picture It 7.0
Microsoft Publisher 2003
Microsoft Visio 2002
Microsoft Visual C\\+\\+ 2003
Microsoft Visual J\\# .net 2003
Microsoft Excel 2003
Microsoft Frontpage 2002
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Project 2002
Microsoft Project 2003
Microsoft Publisher 2002
Microsoft Visual C\\# 2003
Microsoft Visual C\\+\\+ 2002
Microsoft Digital Image Suite 9
Microsoft Excel 2002
Microsoft Office Xp
Microsoft Onenote 2003
6 EDB exploits
9.8
CVSSv3
CVE-2021-27804
JPEG XL (aka jpeg-xl) up to and including 0.3.2 allows writable memory corruption.
Libjxl Project Libjxl
NA
CVE-2006-1458
Integer overflow in Apple QuickTime Player prior to 7.1 allows remote malicious users to execute arbitrary code via a crafted JPEG image.
Apple Quicktime 7.0.3
Apple Quicktime 7.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »