Published: 10/10/2017 Updated: 12/07/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

libjpeg-turbo prior to 1.3.1 allows remote malicious users to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libjpeg-turbo libjpeg-turbo
fedoraproject fedora 20
fedoraproject fedora 21
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04
canonical ubuntu linux 14.10

Debian Bug report logs - #768369 libjpeg-turbo: CVE-2014-9092: [DOS] Stack smashing Package: libjpeg62-turbo; Maintainer for libjpeg62-turbo is Ondřej Surý <ondrej@debianorg>; Source for libjpeg62-turbo is src:libjpeg-turbo (PTS, buildd, popcon) Affects: imagemagick Reported by: bastien ROUCARIES <roucariesbastien+debi ...

libjpeg-turbo could be made to crash or run programs as your login if it opened a specially crafted file ...

A flaw in libjpeg-turbo was <a href="seclistsorg/oss-sec/2014/q4/557">reported</a> that could lead to a local denial of service when processing a specially-crafted JPEG issue ...

libjpeg-turbo before 131 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker ...

CWE-119 https://tapani.tarvainen.info/linux/convertbug/https://bugzilla.redhat.com/show_bug.cgi?id=1169845 http://www.securityfocus.com/bid/71326 http://www.openwall.com/lists/oss-security/2014/11/26/8 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f https://usn.ubuntu.com/3706-1/https://usn.ubuntu.com/3706-2/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369 https://nvd.nist.gov https://usn.ubuntu.com/3706-2/

CVE-2014-9092

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect