CVE-2021-39514
Description
An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
libjpeg through 2020021 has an uncaught floating point exception in ACLosslessScan::ParseMCU(), allowing denial-of-service via crafted input.
Vulnerability
An uncaught floating point exception exists in libjpeg through 2020021 in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. This can be triggered by a crafted JPEG file, leading to a crash. The issue is referenced in [1].
Exploitation
An attacker can cause denial-of-service by providing a specially crafted JPEG file to the jpeg command-line tool. The reference [1] demonstrates a command that triggers the crash: ./jpeg -oz -h -s 1x1,2x2,2x2 @@ /dev/null. No authentication or special privileges are required.
Impact
Successful exploitation results in a denial-of-service condition due to an unhandled exception, causing the application to crash. No code execution or data disclosure is indicated.
Mitigation
As of the publication date, no fix has been released. Users should avoid processing untrusted JPEG files with libjpeg until a patch is available. The issue tracker [1] may contain updates.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- libjpeg/libjpegdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/thorfdbg/libjpeg/issues/36mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.