A group of network penetration testing specialists has just reported the finding of a critical vulnerability in mozjpeg, a project for JPEG encoding developed by Mozilla. According to the report, the exploitation of this flaw could lead to out-of-bounds reading.
Experts mention that the vulnerability exists due to the over-read buffer based on the heap in get_rgb_row() in rdppm.c through an incorrectly formatted PPM input file, which could lead to denial of service (DDoS) attacks on the target system.
Tracked as CVE-2020-13790, the flaw received a score of 6/10 on the Common Vulnerability Scoring System (CVSS), so it is considered a medium severity error, as network penetration testing experts mentioned.
The vulnerability could be exploited by actors from remote threats not authenticated over the Internet, although the existence of an exploit to trigger the attack is so far unknown.
There are currently no security patches or workarounds to mitigate the risk of exploitation, so vulnerable software users should stay on top of the release of official updates, network penetration testing specialists say.
For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.