High severity8.8NVD Advisory· Published Jul 27, 2017· Updated May 13, 2026

CVE-2017-9614

Description

The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API

Affected products

D.r.commander/Libjpeg Turbo
cpe:2.3:a:d.r.commander:libjpeg-turbo:1.5.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/libjpeg-turbo/libjpeg-turbo/issues/167nvdExploitIssue TrackingThird Party Advisory
www.exploit-db.com/exploits/42391/nvdExploitThird Party AdvisoryVDB Entry
packetstormsecurity.com/files/143518/libjpeg-turbo-1.5.1-Denial-Of-Service.htmlnvdThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2017/Jul/66nvdMailing ListThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000