CVE-2022-37770
Description
libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A segmentation fault in libjpeg's LineMerger::GetNextLowpassLine function allows attackers to trigger a denial of service (DoS) via a crafted JPEG file.
Vulnerability
A segmentation fault vulnerability exists in libjpeg commit 281daa9 (the newest master branch) within the LineMerger::GetNextLowpassLine function at linemerger.cpp:262. The bug is triggered when processing a specially crafted JPEG file, causing a null pointer dereference or invalid memory access during the hierarchical reconstruction process. The affected version is libjpeg master branch at commit 281daa9 and likely earlier versions before the fix.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious JPEG file and delivering it to a victim. The attacker requires no authentication or special privileges—only the ability to convince the target to open the file using a vulnerable build of libjpeg (e.g., via the jpeg command-line tool as shown in the reference: jpeg poc /dev/null). Upon parsing the malicious file, the application crashes with a segmentation fault, as demonstrated in the provided backtrace showing the crash at LineMerger::GetNextLowpassLine.
Impact
Successful exploitation causes a denial of service (DoS) by crashing the libjpeg process. The crash is a segmentation fault, leading to termination of the affected application. No code execution or privilege escalation has been reported; the impact is limited to availability loss.
Mitigation
As of August 2022, when this issue was publicly reported (Reference [1]), no official fix was available for libjpeg commit 281daa9. The vulnerability was disclosed via a GitHub issue. Users should monitor the libjpeg repository for a patch. Until a fix is released, avoid processing untrusted JPEG files with affected versions of libjpeg. No workaround other than not using the software on untrusted input has been documented. This CVE is not listed on CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- libjpeg/libjpeg (description)
Patches
No patches discovered yet.
References
[1] github.com/thorfdbg/libjpeg/issues/79 (mitre, x_refsource_MISC)