Launchpad CVE tracker

CVE 2012-2806

Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.

Related bugs and status

CVE-2012-2806 (Candidate) is related to these bugs:

Bug #1012861: ltj update to 1.2.1+svn853

Summary				In	Importance	Status
	1012861	ltj update to 1.2.1+svn853		libjpeg-turbo (Ubuntu)	Medium	Fix Released
	1012861	ltj update to 1.2.1+svn853		libjpeg-turbo (Ubuntu Precise)	Medium	Won't Fix

Bug #1025537: (CVE-2012-2806) libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images

Summary				In	Importance	Status
	1025537	(CVE-2012-2806) libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images		libjpeg-turbo (Ubuntu)	Undecided	Fix Released
	1025537	(CVE-2012-2806) libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images		libjpeg-turbo (Fedora)	Unknown	Unknown

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-2806

References