Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-2806
Last Modified 04 Apr 2013 11:11:10
Published 13 Aug 2012 04:55:08
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2806

Summary

Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.

Vulnerable Systems

Application

  • D.r.commander Libjpeg-turbo 1.2.0


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=826849

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=759802

XF - libjpegturbo-getsos-bo(76952)

MLIST - [oss-security] 20120717 libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images

SECUNIA - 49883

OSVDB - 84040

CONFIRM - http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830

BID - 54480

SECUNIA - 50753

MANDRIVA - MDVSA-2012:121

GENTOO - GLSA-201209-13

Related Patches

Novell SUSE 2012:6586 jpeg security update for SLE 11 SP1 i586

Novell SUSE 2012:6586 jpeg security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8233 jpeg security update for SLE 10 SP4 i586

Novell SUSE 2012:8233 jpeg security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:51:38