cve/2023/CVE-2023-2804.md

### [CVE-2023-2804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2804)
![](https://img.shields.io/static/v1?label=Product&message=libjpeg-turbo&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20-%20Heap-based%20Buffer%20Overflow&color=brighgreen)

### Description

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.

### POC

#### Reference
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675

#### Github
No PoCs found on GitHub currently.