Cupoch Out-of-Bounds Write Vulnerability in libjpeg-turbo Module

Vulnerability

An out-of-bounds write vulnerability has been identified in the Cupoch library, specifically within its libjpeg-turbo module. The issue arises in the 'decomp()' function of the 'tjbench.c' file, where data can be written outside the boundaries of the allocated buffer, corrupting memory. Such an out-of-bounds write can potentially be exploited to overwrite memory, leading to undefined behavior or arbitrary code execution.

Impact

Triggering this vulnerability causes a signed integer overflow that results in a segmentation fault. It occurs when the 'decomp()' function attempts to decompress images containing more than approximately 715 million pixels.
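The overflow described above, worked through as an added example (not code from Cupoch or libjpeg-turbo). It assumes 3 bytes per pixel, which puts the limit of a 32-bit signed size at 715,827,882 pixels; the function names and the sample dimensions are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for illustration: 3 bytes per pixel (packed RGB). */
#define PIXEL_SIZE 3

/* Value a 32-bit signed int ends up holding for width * height * ps on a
 * two's-complement target. Computed in 64 bits so the demo itself has no
 * undefined behaviour. Expects positive inputs. */
static int64_t wrapped_int_size(int width, int height, int ps)
{
    uint64_t wide = (uint64_t)width * (uint64_t)height * (uint64_t)ps;
    uint32_t low = (uint32_t)wide; /* only the low 32 bits survive */
    return low > INT32_MAX ? (int64_t)low - 4294967296LL : (int64_t)low;
}

/* Hardened form: validate the dimensions, multiply in size_t, and reject any
 * product that cannot be represented. Returns 0 and stores the byte count in
 * *out, or -1 on invalid input or overflow. */
static int checked_buffer_size(int width, int height, int ps, size_t *out)
{
    if (width <= 0 || height <= 0 || ps <= 0) return -1;
    size_t w = (size_t)width, h = (size_t)height, p = (size_t)ps;
    if (w > SIZE_MAX / p) return -1;
    size_t pitch = w * p; /* bytes per row */
    if (h > SIZE_MAX / pitch) return -1;
    *out = pitch * h;
    return 0;
}

int main(void)
{
    /* Constructed dimensions: one pixel past INT_MAX / 3. */
    int width = 715827883, height = 1;
    size_t size;

    printf("32-bit int size:  %lld\n",
           (long long)wrapped_int_size(width, height, PIXEL_SIZE));
    if (checked_buffer_size(width, height, PIXEL_SIZE, &size) == 0)
        printf("size_t size:      %zu\n", size);
    return 0;
}
```

A negative size that later feeds an allocation, a loop bound or a pointer offset is how an overflow of this kind turns into an out-of-bounds write and a crash.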

Remediation

Users can apply the security patch merged into the main branch of the Cupoch repository. This patch addresses the vulnerability by incorporating the same fix that was applied to the original libjpeg-turbo repository.

Added: Jan 27, 2026, 9:35 AM
Updated: Jan 27, 2026, 3:39 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 3.8
remediation: 0.0
relevance: 2.4
threat: 0.0
urgency: 5.7
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.