Product:

Libjpeg\-Turbo

(Libjpeg\-Turbo)
Repositories https://github.com/libjpeg-turbo/libjpeg-turbo
#Vulnerabilities 16
Date Id Summary Products Score Patch Annotated
2023-08-22 CVE-2021-29390 libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. Fedora, Libjpeg\-Turbo 7.1
2019-07-18 CVE-2019-13960 In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes Libjpeg\-Turbo 5.5
2019-03-07 CVE-2018-14498 get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. Debian_linux, Fedora, Libjpeg\-Turbo, Mozjpeg, Leap 6.5
2013-11-19 CVE-2013-6629 The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. Gpl_ghostscript, Ubuntu_linux, Debian_linux, Fedora, Chrome, Libjpeg\-Turbo, Firefox, Firefox_esr, Seamonkey, Thunderbird, Opensuse, Solaris N/A
2018-12-21 CVE-2018-20330 The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench. Libjpeg\-Turbo 8.8
2018-06-18 CVE-2018-1152 libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. Ubuntu_linux, Debian_linux, Libjpeg\-Turbo 6.5
2018-11-29 CVE-2018-19664 libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. Libjpeg\-Turbo 6.5
2017-02-13 CVE-2016-3616 The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. Ubuntu_linux, Debian_linux, Libjpeg\-Turbo, Enterprise_linux 8.8
2017-10-11 CVE-2017-15232 libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. Libjpeg\-Turbo 6.5
2017-10-10 CVE-2014-9092 libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. Ubuntu_linux, Fedora, Libjpeg\-Turbo 6.5