CVE-2017-15232

Description

libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.

How to fix CVE-2017-15232

To remediate CVE-2017-15232, upgrade the affected package to a fixed version below.

• Alpine/libjpeg-turbo—upgrade to 1.5.3-r0 or later
• Debian/libjpeg-turbo—upgrade to 1:2.0.5-1 or later

Is CVE-2017-15232 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 1.5.3-r0
• from 0, < 1:2.0.5-1

CVSS scores

References (2)

• ADVISORYsecurity.alpinelinux.org/vuln/CVE-2017-15232
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2017-15232