Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D64E12E4-E41C-4EDD-B96F-C3C6B9B66871", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes"}, {"lang": "es", "value": "** EN DISPUTA ** En libjpeg-turbo versi\u00f3n 2.0.2, se puede usar una gran cantidad de memoria durante el procesamiento de una imagen JPEG progresiva no v\u00e1lida que contiene valores de ancho y altura incorrectos en el encabezado de la imagen. NOTA: la expectativa del proveedor, para los casos de uso en los cuales este uso de la memoria ser\u00eda una denegaci\u00f3n de servicio, es que la aplicaci\u00f3n debe interpretar las advertencias de libjpeg como errores fatales (aborto de la descompresi\u00f3n) y/o establecer l\u00edmites en el consumo de recursos o el tama\u00f1o de las im\u00e1genes"}], "id": "CVE-2019-13960", "lastModified": "2024-11-21T04:25:47.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-18T19:15:11.600", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]} 
ReportizFlow
MITRE
Vulnrichment
NVD
Redhat