Product: Libjpeg-Turbo (Libjpeg-Turbo)

Repositories: https://github.com/libjpeg-turbo/libjpeg-turbo

Number of vulnerabilities: 16

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-03 | CVE-2020-13790 | libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | Libjpeg-Turbo, Mozjpeg | 8.1 | | |
| 2021-03-10 | CVE-2021-20205 | Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. | Fedora, Libjpeg-Turbo | 6.5 | | |
| 2021-06-01 | CVE-2020-17541 | Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. | Libjpeg-Turbo | 8.8 | | |
| 2022-06-18 | CVE-2021-46822 | The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. | Libjpeg-Turbo | 5.5 | | |
| 2022-08-31 | CVE-2020-35538 | A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. | Libjpeg-Turbo | 5.5 | | |
| 2023-05-25 | CVE-2023-2804 | A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer... | Libjpeg-Turbo | 6.5 | | |