Vulnerability Details CVE-2014-9092
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html
- http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f
- http://www.openwall.com/lists/oss-security/2014/11/26/8
- http://www.securityfocus.com/bid/71326
- https://bugzilla.redhat.com/show_bug.cgi?id=1169845
- https://tapani.tarvainen.info/linux/convertbug/
- https://usn.ubuntu.com/3706-1/
- https://usn.ubuntu.com/3706-2/
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html
- http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f
- http://www.openwall.com/lists/oss-security/2014/11/26/8
- http://www.securityfocus.com/bid/71326
- https://bugzilla.redhat.com/show_bug.cgi?id=1169845
- https://tapani.tarvainen.info/linux/convertbug/
- https://usn.ubuntu.com/3706-1/
- https://usn.ubuntu.com/3706-2/
Products affected by CVE-2014-9092
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:-
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:0.0.90
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:0.0.91
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:0.0.93
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.0.0
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.0.1
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.0.90
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.1.0
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.1.1
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.1.90
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.2.0
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.2.1
-
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.2.90
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.10
-
cpe:2.3:o:fedoraproject:fedora:20
-
cpe:2.3:o:fedoraproject:fedora:21