Lucene search

[email protected]CVE-2012-2806

HistoryAug 13, 2012 - 8:55 p.m.

CVE-2012-2806

2012-08-1320:55:08

CWE-787

[email protected]

web.nvd.nist.gov

cve-2012-2806

libjpeg-turbo

buffer overflow

denial of service

remote code execution

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.

Affected configurations

NVD

Node

d.r.commanderlibjpeg-turboMatch1.2.0

CPENameOperatorVersion
d.r.commander:libjpeg-turbod.r.commander libjpeg-turboeq1.2.0

CPE	Name	Operator	Version
d.r.commander:libjpeg-turbo	d.r.commander libjpeg-turbo	eq	1.2.0

References

libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830

osvdb.org/84040

secunia.com/advisories/49883

secunia.com/advisories/50753

security.gentoo.org/glsa/glsa-201209-13.xml

www.mandriva.com/security/advisories?name=MDVSA-2012:121

www.openwall.com/lists/oss-security/2012/07/17/3

www.securityfocus.com/bid/54480

bugzilla.mozilla.org/show_bug.cgi?id=759802

bugzilla.redhat.com/show_bug.cgi?id=826849

exchange.xforce.ibmcloud.com/vulnerabilities/76952

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for CVE-2012-2806

nessus8 gentoo1 openvas9 fedora1 securityvulns4 freebsd1 cvelist1 nvd1 debiancve1 altlinux1 ubuntucve1 prion1 ibm5