CVE-2014-9092

Опубликовано: 10 окт. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

Ссылки

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html
Third Party Advisory
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/11/26/8
Mailing List
http://www.securityfocus.com/bid/71326
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1169845
Issue Tracking
Patch
Third Party Advisory
VDB Entry
https://tapani.tarvainen.info/linux/convertbug/
Third Party Advisory
https://usn.ubuntu.com/3706-1/
https://usn.ubuntu.com/3706-2/
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html
Third Party Advisory
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/11/26/8
Mailing List
http://www.securityfocus.com/bid/71326
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1169845
Issue Tracking
Patch
Third Party Advisory
VDB Entry
https://tapani.tarvainen.info/linux/convertbug/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*

Версия до 1.2.90 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.0187

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2014-9092

CVSS3: 6.5

ubuntu

больше 8 лет назад

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

CVE-2014-9092

redhat

больше 11 лет назад

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

CVE-2014-9092

CVSS3: 6.5

debian

больше 8 лет назад

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial o ...

GHSA-c37w-643x-858q

CVSS3: 6.5

github

больше 3 лет назад

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

BDU:2021-01288

CVSS3: 6.5

fstec

больше 8 лет назад

Уязвимость пакета для работы с файлами JPEG libjpeg-turbo, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 83%

0.0187

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-119