Zero day DDOS vulnerability in Mozilla mozjpeg with no patch available

A group of network penetration testing specialists has just reported the finding of a critical vulnerability in mozjpeg, a project for JPEG encoding developed by Mozilla. According to the report, the exploitation of this flaw could lead to out-of-bounds reading.

Experts mention that the vulnerability exists due to the over-read buffer based on the heap in get_rgb_row() in rdppm.c through an incorrectly formatted PPM input file, which could lead to denial of service (DDoS) attacks on the target system.

Tracked as CVE-2020-13790, the flaw received a score of 6/10 on the Common Vulnerability Scoring System (CVSS), so it is considered a medium severity error, as network penetration testing experts mentioned.

The vulnerability could be exploited by actors from remote threats not authenticated over the Internet, although the existence of an exploit to trigger the attack is so far unknown.

There are currently no security patches or workarounds to mitigate the risk of exploitation, so vulnerable software users should stay on top of the release of official updates, network penetration testing specialists say.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.