Vulnerabilities > CVE-2022-31620 - Reachable Assertion vulnerability in Libjpeg Project Libjpeg 1.63

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

libjpeg-project

CWE-617

NVD

Published: 2022-05-25

Updated: 2023-08-08

Summary

In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan.

Vulnerable Configurations

Part	Description	Count
Application	Libjpeg_Project Libjpeg Project Libjpeg 1.63	1

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a
https://github.com/thorfdbg/libjpeg/issues/70