CVE-2023-37837

Vulnerability

A heap buffer overflow vulnerability exists in libjpeg at commit db33a6e (and potentially earlier versions) within the LineBitmapRequester::EncodeRegion function in linebitmaprequester.cpp [1]. The bug is triggered during JPEG encoding when processing a specially crafted file, leading to a read of size 4 beyond the allocated heap buffer [1]. The affected code path is reachable when the library is used to encode images, and no special configuration is required beyond providing a malicious input file.

Exploitation

An attacker can exploit this vulnerability by supplying a crafted JPEG file to an application using the vulnerable libjpeg library [1]. No authentication or special network position is required; the attacker only needs to convince a user or service to process the malicious file (e.g., via the command-line tool ./jpeg -p @@ /dev/null as demonstrated in the reference) [1]. The crash occurs during the encoding process, specifically in the YCbCrTrafo::RGB2YCbCr call chain invoked from EncodeRegion [1].

Impact

Successful exploitation results in a denial of service (DoS) due to application crash caused by the heap buffer overflow [1]. The description and reference confirm that the overflow leads to a read access violation, which terminates the process. There is no indication of remote code execution or information disclosure in the available sources.

Mitigation

As of the publication date (2023-07-13), no official patch or fixed version has been released for this vulnerability [1]. Users are advised to avoid processing untrusted JPEG files with the affected libjpeg version (commit db33a6e) until a fix is available. The issue is tracked in the project's GitHub repository [1]; users should monitor for updates and apply any future patches promptly.