CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-9614

The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API

Exploit prediction scoring system (EPSS) score

EPSS Score 0.053

EPSS Ranking 89.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

http://packetstormsecurity.com/files/143518/libjpeg-turbo-1.5.1-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2017/Jul/66
http://seclists.org/fulldisclosure/2017/Jul/66
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167
https://www.exploit-db.com/exploits/42391/
http://packetstormsecurity.com/files/143518/libjpeg-turbo-1.5.1-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2017/Jul/66
http://seclists.org/fulldisclosure/2017/Jul/66
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167
https://www.exploit-db.com/exploits/42391/

Products affected by CVE-2017-9614

D.r.commander » Libjpeg-Turbo » Version: 1.5.1

cpe:2.3:a:d.r.commander:libjpeg-turbo:1.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-9614

Products

Pricing

Contact Us