7.8

CVE-2023-27781

Exploit
jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jpegoptim ProjectJpegoptim Version1.5.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.309
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/tjko/jpegoptim/issues/132
Patch
Third Party Advisory
Exploit
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66ZW65INCWSQYIT5E6N6I6PE5D7R6EK7/