Vulnerabilites related to libjpeg-turbo - libjpeg-turbo
cve-2021-20205
Vulnerability from cvelistv5
Published
2021-03-10 16:21
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1937385 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TM3AHZEYGYFEDL6AW5RLEAJNVRWEJDFL/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMLEY6HLVZAGXIOGGPPUAMRJUA6LB3FD/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Libjpeg-turbo |
Version: 2.0.90 and 2.0.91 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.693Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1937385", }, { name: "FEDORA-2021-7de3c2fe57", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TM3AHZEYGYFEDL6AW5RLEAJNVRWEJDFL/", }, { name: "FEDORA-2021-94e37443bb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMLEY6HLVZAGXIOGGPPUAMRJUA6LB3FD/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Libjpeg-turbo", vendor: "n/a", versions: [ { status: "affected", version: "2.0.90 and 2.0.91", }, ], }, ], descriptions: [ { lang: "en", value: "Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.", }, ], problemTypes: [ { descriptions: [ { description: "Divide By Zero", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-24T22:06:20", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1937385", }, { name: "FEDORA-2021-7de3c2fe57", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TM3AHZEYGYFEDL6AW5RLEAJNVRWEJDFL/", }, { name: "FEDORA-2021-94e37443bb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMLEY6HLVZAGXIOGGPPUAMRJUA6LB3FD/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20205", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Libjpeg-turbo", version: { version_data: [ { version_value: "2.0.90 and 2.0.91", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Divide By Zero", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1937385", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1937385", }, { name: "FEDORA-2021-7de3c2fe57", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TM3AHZEYGYFEDL6AW5RLEAJNVRWEJDFL/", }, { name: "FEDORA-2021-94e37443bb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMLEY6HLVZAGXIOGGPPUAMRJUA6LB3FD/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20205", datePublished: "2021-03-10T16:21:58", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.693Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29390
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-04 16:11
Severity ?
EPSS score ?
Summary
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:02:51.858Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1943797", }, { tags: [ "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595", }, { tags: [ "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c", }, { name: "FEDORA-2023-d79ff22c5b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/", }, { name: "FEDORA-2023-3bfb63f6d2", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", }, { name: "FEDORA-2023-b427f54e68", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-29390", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T16:08:32.914099Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-04T16:11:31.673Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-21T02:07:13.454726", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=1943797", }, { url: "https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595", }, { url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c", }, { name: "FEDORA-2023-d79ff22c5b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/", }, { name: "FEDORA-2023-3bfb63f6d2", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", }, { name: "FEDORA-2023-b427f54e68", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-29390", datePublished: "2023-08-22T00:00:00", dateReserved: "2021-03-29T00:00:00", dateUpdated: "2024-10-04T16:11:31.673Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19664
Vulnerability from cvelistv5
Published
2018-11-29 07:00
Modified
2024-08-05 11:44
Severity ?
EPSS score ?
Summary
libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.
References
▼ | URL | Tags |
---|---|---|
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305 | x_refsource_MISC | |
https://usn.ubuntu.com/4190-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:44:19.396Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305", }, { name: "USN-4190-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4190-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-11-29T00:00:00", descriptions: [ { lang: "en", value: "libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-13T18:06:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305", }, { name: "USN-4190-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4190-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19664", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305", refsource: "MISC", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305", }, { name: "USN-4190-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4190-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19664", datePublished: "2018-11-29T07:00:00", dateReserved: "2018-11-29T00:00:00", dateUpdated: "2024-08-05T11:44:19.396Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20330
Vulnerability from cvelistv5
Published
2018-12-21 09:00
Modified
2024-08-05 11:58
Severity ?
EPSS score ?
Summary
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
References
▼ | URL | Tags |
---|---|---|
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304 | x_refsource_MISC | |
https://usn.ubuntu.com/4190-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:58:18.787Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304", }, { name: "USN-4190-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4190-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-12-21T00:00:00", descriptions: [ { lang: "en", value: "The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-13T18:06:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304", }, { name: "USN-4190-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4190-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20330", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304", refsource: "MISC", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304", }, { name: "USN-4190-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4190-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20330", datePublished: "2018-12-21T09:00:00", dateReserved: "2018-12-21T00:00:00", dateUpdated: "2024-08-05T11:58:18.787Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13790
Vulnerability from cvelistv5
Published
2020-06-03 18:56
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
References
▼ | URL | Tags |
---|---|---|
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433 | x_refsource_MISC | |
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a | x_refsource_MISC | |
https://usn.ubuntu.com/4386-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/202010-03 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.551Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a", }, { name: "USN-4386-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4386-1/", }, { name: "FEDORA-2020-f09ecf5985", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/", }, { name: "FEDORA-2020-86fa578c8d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/", }, { name: "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, { name: "openSUSE-SU-2020:1413", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html", }, { name: "openSUSE-SU-2020:1458", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html", }, { name: "GLSA-202010-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202010-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T12:06:39", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a", }, { name: "USN-4386-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4386-1/", }, { name: "FEDORA-2020-f09ecf5985", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/", }, { name: "FEDORA-2020-86fa578c8d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/", }, { name: "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, { name: "openSUSE-SU-2020:1413", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html", }, { name: "openSUSE-SU-2020:1458", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html", }, { name: "GLSA-202010-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202010-03", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13790", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433", refsource: "MISC", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433", }, { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a", refsource: "MISC", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a", }, { name: "USN-4386-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4386-1/", }, { name: "FEDORA-2020-f09ecf5985", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/", }, { name: "FEDORA-2020-86fa578c8d", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/", }, { name: "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, { name: "openSUSE-SU-2020:1413", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html", }, { name: "openSUSE-SU-2020:1458", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html", }, { name: "GLSA-202010-03", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202010-03", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13790", datePublished: "2020-06-03T18:56:05", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.551Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13960
Vulnerability from cvelistv5
Published
2019-07-18 18:52
Modified
2024-08-05 00:05
Severity ?
EPSS score ?
Summary
In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes
References
▼ | URL | Tags |
---|---|---|
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337 | x_refsource_MISC | |
https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:05:44.065Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-18T18:52:29", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337", }, { tags: [ "x_refsource_MISC", ], url: "https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-13960", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337", refsource: "MISC", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337", }, { name: "https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf", refsource: "MISC", url: "https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-13960", datePublished: "2019-07-18T18:52:29", dateReserved: "2019-07-18T00:00:00", dateUpdated: "2024-08-05T00:05:44.065Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1152
Vulnerability from cvelistv5
Published
2018-06-18 14:00
Modified
2024-09-17 03:53
Severity ?
EPSS score ?
Summary
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104543 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3706-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.tenable.com/security/research/tra-2018-17 | x_refsource_MISC | |
https://usn.ubuntu.com/3706-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html | mailing-list, x_refsource_MLIST | |
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html | vendor-advisory, x_refsource_SUSE | |
https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Tenable | libjpeg-turbo |
Version: 1.5.90 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:51:48.761Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104543", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104543", }, { name: "USN-3706-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3706-2/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2018-17", }, { name: "USN-3706-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3706-1/", }, { name: "[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6", }, { name: "openSUSE-SU-2019:1118", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", }, { name: "openSUSE-SU-2019:1343", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", }, { name: "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libjpeg-turbo", vendor: "Tenable", versions: [ { status: "affected", version: "1.5.90", }, ], }, ], datePublic: "2018-06-12T00:00:00", descriptions: [ { lang: "en", value: "libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-31T20:06:09", orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", shortName: "tenable", }, references: [ { name: "104543", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104543", }, { name: "USN-3706-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3706-2/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2018-17", }, { name: "USN-3706-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3706-1/", }, { name: "[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6", }, { name: "openSUSE-SU-2019:1118", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", }, { name: "openSUSE-SU-2019:1343", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", }, { name: "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnreport@tenable.com", DATE_PUBLIC: "2018-06-12T00:00:00", ID: "CVE-2018-1152", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "libjpeg-turbo", version: { version_data: [ { version_value: "1.5.90", }, ], }, }, ], }, vendor_name: "Tenable", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "104543", refsource: "BID", url: "http://www.securityfocus.com/bid/104543", }, { name: "USN-3706-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3706-2/", }, { name: "https://www.tenable.com/security/research/tra-2018-17", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2018-17", }, { name: "USN-3706-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3706-1/", }, { name: "[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", }, { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6", refsource: "CONFIRM", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6", }, { name: "openSUSE-SU-2019:1118", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", }, { name: "openSUSE-SU-2019:1343", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", }, { name: "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", assignerShortName: "tenable", cveId: "CVE-2018-1152", datePublished: "2018-06-18T14:00:00Z", dateReserved: "2017-12-05T00:00:00", dateUpdated: "2024-09-17T03:53:43.845Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-6629
Vulnerability from cvelistv5
Published
2013-11-15 20:00
Modified
2024-08-06 17:46
Severity ?
EPSS score ?
Summary
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T17:46:22.170Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20131112 bugs in IJG jpeg6b & libjpeg-turbo", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html", }, { name: "63676", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/63676", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=swg21675973", }, { name: "RHSA-2014:0414", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { name: "GLSA-201406-32", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "RHSA-2013:1804", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1804.html", }, { name: "openSUSE-SU-2013:1958", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html", }, { name: "HPSBUX03091", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=140852886808946&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", }, { name: "RHSA-2014:0413", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2014:0413", }, { name: "59058", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59058", }, { name: "SSRT101667", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=140852886808946&w=2", }, { name: "RHSA-2013:1803", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1803.html", }, { name: "openSUSE-SU-2013:1957", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html", }, { name: "HPSBUX03092", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=140852974709252&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT6163", }, { name: "56175", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/56175", }, { name: "FEDORA-2013-23127", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html", }, { name: "openSUSE-SU-2014:0065", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html", }, { name: "FEDORA-2013-23519", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html", }, { name: "58974", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/58974", }, { name: "1029470", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1029470", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=891693", }, { name: "openSUSE-SU-2013:1917", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/2013/mfsa2013-116.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT6150", }, { name: "openSUSE-SU-2013:1959", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", }, { name: "openSUSE-SU-2013:1916", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html", }, { name: "openSUSE-SU-2014:0008", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html", }, { name: "1029476", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1029476", }, { name: "openSUSE-SU-2013:1776", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html", }, { name: "SSRT101668", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=140852974709252&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://src.chromium.org/viewvc/chrome?revision=229729&view=revision", }, { name: "GLSA-201606-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201606-03", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", }, { name: "openSUSE-SU-2013:1918", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html", }, { name: "FEDORA-2013-23291", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT6162", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://code.google.com/p/chromium/issues/detail?id=258723", }, { name: "USN-2052-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2052-1", }, { name: "DSA-2799", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2799", }, { name: "openSUSE-SU-2013:1861", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html", }, { name: "openSUSE-SU-2013:1777", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2013-0333.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.ghostscript.com/show_bug.cgi?id=686980", }, { name: "MDVSA-2013:273", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:273", }, { name: "USN-2060-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2060-1", }, { name: "USN-2053-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2053-1", }, { name: "FEDORA-2013-23295", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-11-12T00:00:00", descriptions: [ { lang: "en", value: "The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20131112 bugs in IJG jpeg6b & libjpeg-turbo", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html", }, { name: "63676", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/63676", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=swg21675973", }, { name: "RHSA-2014:0414", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { name: "GLSA-201406-32", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "RHSA-2013:1804", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1804.html", }, { name: "openSUSE-SU-2013:1958", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html", }, { name: "HPSBUX03091", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=140852886808946&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", }, { name: "RHSA-2014:0413", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2014:0413", }, { name: "59058", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59058", }, { name: "SSRT101667", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=140852886808946&w=2", }, { name: "RHSA-2013:1803", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1803.html", }, { name: "openSUSE-SU-2013:1957", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html", }, { name: "HPSBUX03092", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=140852974709252&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT6163", }, { name: "56175", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/56175", }, { name: "FEDORA-2013-23127", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html", }, { name: "openSUSE-SU-2014:0065", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html", }, { name: "FEDORA-2013-23519", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html", }, { name: "58974", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/58974", }, { name: "1029470", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1029470", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=891693", }, { name: "openSUSE-SU-2013:1917", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/2013/mfsa2013-116.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT6150", }, { name: "openSUSE-SU-2013:1959", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", }, { name: "openSUSE-SU-2013:1916", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html", }, { name: "openSUSE-SU-2014:0008", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html", }, { name: "1029476", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1029476", }, { name: "openSUSE-SU-2013:1776", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html", }, { name: "SSRT101668", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=140852974709252&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://src.chromium.org/viewvc/chrome?revision=229729&view=revision", }, { name: "GLSA-201606-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201606-03", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", }, { name: "openSUSE-SU-2013:1918", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html", }, { name: "FEDORA-2013-23291", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT6162", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://code.google.com/p/chromium/issues/detail?id=258723", }, { name: "USN-2052-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2052-1", }, { name: "DSA-2799", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2799", }, { name: "openSUSE-SU-2013:1861", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html", }, { name: "openSUSE-SU-2013:1777", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2013-0333.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.ghostscript.com/show_bug.cgi?id=686980", }, { name: "MDVSA-2013:273", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:273", }, { name: "USN-2060-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2060-1", }, { name: "USN-2053-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2053-1", }, { name: "FEDORA-2013-23295", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-6629", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20131112 bugs in IJG jpeg6b & libjpeg-turbo", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html", }, { name: "63676", refsource: "BID", url: "http://www.securityfocus.com/bid/63676", }, { name: "https://www.ibm.com/support/docview.wss?uid=swg21675973", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=swg21675973", }, { name: "RHSA-2014:0414", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { name: "GLSA-201406-32", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "RHSA-2013:1804", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1804.html", }, { name: "openSUSE-SU-2013:1958", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html", }, { name: "HPSBUX03091", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=140852886808946&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", }, { name: "RHSA-2014:0413", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2014:0413", }, { name: "59058", refsource: "SECUNIA", url: "http://secunia.com/advisories/59058", }, { name: "SSRT101667", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=140852886808946&w=2", }, { name: "RHSA-2013:1803", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1803.html", }, { name: "openSUSE-SU-2013:1957", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html", }, { name: "HPSBUX03092", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=140852974709252&w=2", }, { name: "http://support.apple.com/kb/HT6163", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT6163", }, { name: "56175", refsource: "SECUNIA", url: "http://secunia.com/advisories/56175", }, { name: "FEDORA-2013-23127", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html", }, { name: "openSUSE-SU-2014:0065", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html", }, { name: "FEDORA-2013-23519", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html", }, { name: "58974", refsource: "SECUNIA", url: "http://secunia.com/advisories/58974", }, { name: "1029470", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1029470", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=891693", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=891693", }, { name: "openSUSE-SU-2013:1917", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html", }, { name: "http://www.mozilla.org/security/announce/2013/mfsa2013-116.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/2013/mfsa2013-116.html", }, { name: "http://support.apple.com/kb/HT6150", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT6150", }, { name: "openSUSE-SU-2013:1959", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629", }, { name: "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", }, { name: "openSUSE-SU-2013:1916", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html", }, { name: "openSUSE-SU-2014:0008", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html", }, { name: "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html", refsource: "CONFIRM", url: "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html", }, { name: "1029476", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1029476", }, { name: "openSUSE-SU-2013:1776", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html", }, { name: "SSRT101668", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=140852974709252&w=2", }, { name: "https://src.chromium.org/viewvc/chrome?revision=229729&view=revision", refsource: "CONFIRM", url: "https://src.chromium.org/viewvc/chrome?revision=229729&view=revision", }, { name: "GLSA-201606-03", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201606-03", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", }, { name: "openSUSE-SU-2013:1918", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html", }, { name: "FEDORA-2013-23291", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html", }, { name: "http://support.apple.com/kb/HT6162", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT6162", }, { name: "https://code.google.com/p/chromium/issues/detail?id=258723", refsource: "CONFIRM", url: "https://code.google.com/p/chromium/issues/detail?id=258723", }, { name: "USN-2052-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2052-1", }, { name: "DSA-2799", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2799", }, { name: "openSUSE-SU-2013:1861", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html", }, { name: "openSUSE-SU-2013:1777", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", refsource: "CONFIRM", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { name: "http://advisories.mageia.org/MGASA-2013-0333.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2013-0333.html", }, { name: "http://bugs.ghostscript.com/show_bug.cgi?id=686980", refsource: "CONFIRM", url: "http://bugs.ghostscript.com/show_bug.cgi?id=686980", }, { name: "MDVSA-2013:273", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:273", }, { name: "USN-2060-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2060-1", }, { name: "USN-2053-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2053-1", }, { name: "FEDORA-2013-23295", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-6629", datePublished: "2013-11-15T20:00:00", dateReserved: "2013-11-05T00:00:00", dateUpdated: "2024-08-06T17:46:22.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14498
Vulnerability from cvelistv5
Published
2019-03-07 22:00
Modified
2024-08-05 09:29
Severity ?
EPSS score ?
Summary
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:29:51.678Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mozilla/mozjpeg/issues/299", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55", }, { name: "[debian-lts-announce] 20190318 [SECURITY] [DLA 1719-1] libjpeg-turbo security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html", }, { name: "FEDORA-2019-87e2fa8e0f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/", }, { name: "openSUSE-SU-2019:1118", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", }, { name: "openSUSE-SU-2019:1343", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", }, { name: "RHSA-2019:2052", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2052", }, { name: "RHSA-2019:3705", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3705", }, { name: "USN-4190-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4190-1/", }, { name: "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-07-21T00:00:00", descriptions: [ { lang: "en", value: "get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-31T20:06:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/mozilla/mozjpeg/issues/299", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55", }, { name: "[debian-lts-announce] 20190318 [SECURITY] [DLA 1719-1] libjpeg-turbo security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html", }, { name: "FEDORA-2019-87e2fa8e0f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/", }, { name: "openSUSE-SU-2019:1118", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", }, { name: "openSUSE-SU-2019:1343", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", }, { name: "RHSA-2019:2052", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2052", }, { name: "RHSA-2019:3705", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3705", }, { name: "USN-4190-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4190-1/", }, { name: "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14498", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258", refsource: "MISC", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258", }, { name: "https://github.com/mozilla/mozjpeg/issues/299", refsource: "MISC", url: "https://github.com/mozilla/mozjpeg/issues/299", }, { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55", refsource: "MISC", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55", }, { name: "[debian-lts-announce] 20190318 [SECURITY] [DLA 1719-1] libjpeg-turbo security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html", }, { name: "FEDORA-2019-87e2fa8e0f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/", }, { name: "openSUSE-SU-2019:1118", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", }, { name: "openSUSE-SU-2019:1343", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", }, { name: "RHSA-2019:2052", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2052", }, { name: "RHSA-2019:3705", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3705", }, { name: "USN-4190-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4190-1/", }, { name: "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14498", datePublished: "2019-03-07T22:00:00", dateReserved: "2018-07-21T00:00:00", dateUpdated: "2024-08-05T09:29:51.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-2804
Vulnerability from cvelistv5
Published
2023-05-25 00:00
Modified
2025-01-16 15:17
Severity ?
EPSS score ?
Summary
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | libjpeg-turbo |
Version: Fixed in libjpeg-turbo v3.0 (beta2) |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:33:05.771Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2208447", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-2804", }, { tags: [ "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021", }, { tags: [ "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118", }, { tags: [ "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-2804", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-16T15:15:55.152243Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-16T15:17:27.071Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "libjpeg-turbo", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in libjpeg-turbo v3.0 (beta2)", }, ], }, ], descriptions: [ { lang: "en", value: "A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 - Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T19:05:59.636100", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2208447", }, { url: "https://access.redhat.com/security/cve/CVE-2023-2804", }, { url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021", }, { url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118", }, { url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-2804", datePublished: "2023-05-25T00:00:00", dateReserved: "2023-05-19T00:00:00", dateUpdated: "2025-01-16T15:17:27.071Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-9092
Vulnerability from cvelistv5
Published
2017-10-10 13:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:33:13.553Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1169845", }, { name: "FEDORA-2015-2615", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html", }, { name: "USN-3706-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3706-2/", }, { name: "FEDORA-2015-2580", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://tapani.tarvainen.info/linux/convertbug/", }, { name: "FEDORA-2014-17561", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html", }, { name: "USN-3706-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3706-1/", }, { name: "71326", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/71326", }, { name: "[oss-security] 20141126 Re: Stack smashing in libjpeg-turbo", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/11/26/8", }, { name: "FEDORA-2014-17543", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-11-06T00:00:00", descriptions: [ { lang: "en", value: "libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-11T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1169845", }, { name: "FEDORA-2015-2615", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html", }, { name: "USN-3706-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3706-2/", }, { name: "FEDORA-2015-2580", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html", }, { tags: [ "x_refsource_MISC", ], url: "https://tapani.tarvainen.info/linux/convertbug/", }, { name: "FEDORA-2014-17561", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html", }, { name: "USN-3706-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3706-1/", }, { name: "71326", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/71326", }, { name: "[oss-security] 20141126 Re: Stack smashing in libjpeg-turbo", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2014/11/26/8", }, { name: "FEDORA-2014-17543", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-9092", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f", refsource: "MISC", url: "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1169845", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1169845", }, { name: "FEDORA-2015-2615", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html", }, { name: "USN-3706-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3706-2/", }, { name: "FEDORA-2015-2580", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html", }, { name: "https://tapani.tarvainen.info/linux/convertbug/", refsource: "MISC", url: "https://tapani.tarvainen.info/linux/convertbug/", }, { name: "FEDORA-2014-17561", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html", }, { name: "USN-3706-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3706-1/", }, { name: "71326", refsource: "BID", url: "http://www.securityfocus.com/bid/71326", }, { name: "[oss-security] 20141126 Re: Stack smashing in libjpeg-turbo", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2014/11/26/8", }, { name: "FEDORA-2014-17543", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-9092", datePublished: "2017-10-10T13:00:00", dateReserved: "2014-11-26T00:00:00", dateUpdated: "2024-08-06T13:33:13.553Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-15232
Vulnerability from cvelistv5
Published
2017-10-11 03:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3706-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/mozilla/mozjpeg/issues/268 | x_refsource_MISC | |
https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:50:16.363Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3706-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3706-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mozilla/mozjpeg/issues/268", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-10-10T00:00:00", descriptions: [ { lang: "en", value: "libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-10T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3706-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3706-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/mozilla/mozjpeg/issues/268", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-15232", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3706-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3706-1/", }, { name: "https://github.com/mozilla/mozjpeg/issues/268", refsource: "MISC", url: "https://github.com/mozilla/mozjpeg/issues/268", }, { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182", refsource: "MISC", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-15232", datePublished: "2017-10-11T03:00:00", dateReserved: "2017-10-10T00:00:00", dateUpdated: "2024-08-05T19:50:16.363Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-17541
Vulnerability from cvelistv5
Published
2021-06-01 14:44
Modified
2024-08-04 14:00
Severity ?
EPSS score ?
Summary
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.
References
▼ | URL | Tags |
---|---|---|
https://cwe.mitre.org/data/definitions/121.html | x_refsource_MISC | |
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:00:48.686Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cwe.mitre.org/data/definitions/121.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Libjpeg-turbo all version have a stack-based buffer overflow in the \"transform\" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-10T20:16:25", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cwe.mitre.org/data/definitions/121.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-17541", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Libjpeg-turbo all version have a stack-based buffer overflow in the \"transform\" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cwe.mitre.org/data/definitions/121.html", refsource: "MISC", url: "https://cwe.mitre.org/data/definitions/121.html", }, { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392", refsource: "MISC", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-17541", datePublished: "2021-06-01T14:44:41", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-08-04T14:00:48.686Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46822
Vulnerability from cvelistv5
Published
2022-06-18 15:27
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.
References
▼ | URL | Tags |
---|---|---|
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:17:42.633Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-18T15:27:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-46822", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2", refsource: "MISC", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-46822", datePublished: "2022-06-18T15:27:44", dateReserved: "2022-06-18T00:00:00", dateUpdated: "2024-08-04T05:17:42.633Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3616
Vulnerability from cvelistv5
Published
2017-02-13 18:00
Modified
2024-08-06 00:03
Severity ?
EPSS score ?
Summary
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3706-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3706-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=1318509 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=1319661 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2019:2052 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.181Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3706-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3706-2/", }, { name: "USN-3706-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3706-1/", }, { name: "[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318509", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1319661", }, { name: "RHSA-2019:2052", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2052", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-21T00:00:00", descriptions: [ { lang: "en", value: "The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-06T16:06:31", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3706-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3706-2/", }, { name: "USN-3706-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3706-1/", }, { name: "[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318509", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1319661", }, { name: "RHSA-2019:2052", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2052", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-3616", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3706-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3706-2/", }, { name: "USN-3706-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3706-1/", }, { name: "[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1318509", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318509", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1319661", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1319661", }, { name: "RHSA-2019:2052", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2052", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-3616", datePublished: "2017-02-13T18:00:00", dateReserved: "2016-03-18T00:00:00", dateUpdated: "2024-08-06T00:03:34.181Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35538
Vulnerability from cvelistv5
Published
2022-08-31 15:33
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
References
▼ | URL | Tags |
---|---|---|
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441 | x_refsource_MISC | |
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | libjpeg-turbo |
Version: libjpeg-turbo 2.0.5 onwards |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:08.152Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libjpeg-turbo", vendor: "n/a", versions: [ { status: "affected", version: "libjpeg-turbo 2.0.5 onwards", }, ], }, ], descriptions: [ { lang: "en", value: "A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-31T15:33:04", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-35538", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "libjpeg-turbo", version: { version_data: [ { version_value: "libjpeg-turbo 2.0.5 onwards", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441", refsource: "MISC", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441", }, { name: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30", refsource: "MISC", url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-35538", datePublished: "2022-08-31T15:33:04", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-04T17:02:08.152Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2019-07-18 19:15
Modified
2024-11-21 04:25
Severity ?
Summary
In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337 | Exploit, Third Party Advisory | |
cve@mitre.org | https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf | Exploit, Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | 2.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "D64E12E4-E41C-4EDD-B96F-C3C6B9B66871", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes", }, { lang: "es", value: "** EN DISPUTA ** En libjpeg-turbo versión 2.0.2, se puede usar una gran cantidad de memoria durante el procesamiento de una imagen JPEG progresiva no válida que contiene valores de ancho y altura incorrectos en el encabezado de la imagen. NOTA: la expectativa del proveedor, para los casos de uso en los cuales este uso de la memoria sería una denegación de servicio, es que la aplicación debe interpretar las advertencias de libjpeg como errores fatales (aborto de la descompresión) y/o establecer límites en el consumo de recursos o el tamaño de las imágenes", }, ], id: "CVE-2019-13960", lastModified: "2024-11-21T04:25:47.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-18T19:15:11.600", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-18 14:29
Modified
2024-11-21 03:59
Severity ?
Summary
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | 1.5.90 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
canonical | ubuntu_linux | 18.04 | |
debian | debian_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*", matchCriteriaId: "7CAECC09-0C8D-48FD-9F38-E0131FE4CBF6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", matchCriteriaId: "8D305F7A-D159-4716-AB26-5E38BB5CD991", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.", }, { lang: "es", value: "libjpeg-turbo 1.5.90 es vulnerable a una denegación de servicio (DoS) provocada por una división entre cero al procesar una imagen BMP manipulada.", }, ], id: "CVE-2018-1152", lastModified: "2024-11-21T03:59:17.633", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-18T14:29:00.323", references: [ { source: "vulnreport@tenable.com", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", }, { source: "vulnreport@tenable.com", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", }, { source: "vulnreport@tenable.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104543", }, { source: "vulnreport@tenable.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6", }, { source: "vulnreport@tenable.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", }, { source: "vulnreport@tenable.com", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, { source: "vulnreport@tenable.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3706-1/", }, { source: "vulnreport@tenable.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3706-2/", }, { source: "vulnreport@tenable.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2018-17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3706-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3706-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2018-17", }, ], sourceIdentifier: "vulnreport@tenable.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-369", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 06:01
Severity ?
Summary
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | 2.0.90 | |
fedoraproject | fedora | 37 | |
fedoraproject | fedora | 38 | |
fedoraproject | fedora | 39 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.90:*:*:*:*:*:*:*", matchCriteriaId: "AA5809B6-0C5C-44C6-A2BF-4CE81A4D9200", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", }, { lang: "es", value: "libjpeg-turbo versión 2.0.90 tiene una sobrelectura del búfer (2 bytes) en decompress_smooth_data en jdcoefct.c.", }, ], id: "CVE-2021-29390", lastModified: "2024-11-21T06:01:01.670", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T19:16:20.237", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Permissions Required", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1943797", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Permissions Required", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1943797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-02-13 18:59
Modified
2024-11-21 02:50
Severity ?
Summary
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | 7.4 | |
redhat | enterprise_linux | 7.4 | |
debian | debian_linux | 8.0 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:7.4:*:*:*:*:*:*:*", matchCriteriaId: "06C45810-2B87-4FE7-9660-51DD4EAC8B35", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", matchCriteriaId: "041F9200-4C01-4187-AE34-240E8277B54D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", matchCriteriaId: "8D305F7A-D159-4716-AB26-5E38BB5CD991", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.", }, { lang: "es", value: "La utilidad cjpeg en libjpeg permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) o ejecutar código arbitrario a través de un archivo manipulado.", }, ], id: "CVE-2016-3616", lastModified: "2024-11-21T02:50:23.810", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-13T18:59:00.487", references: [ { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2052", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318509", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1319661", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3706-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3706-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318509", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1319661", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3706-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3706-2/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-25 22:15
Modified
2025-01-16 16:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | 2.1.90 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.1.90:*:*:*:*:*:*:*", matchCriteriaId: "B3DDE171-3648-4EA8-BD44-788B3FDAF61E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.", }, ], id: "CVE-2023-2804", lastModified: "2025-01-16T16:15:29.043", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-25T22:15:09.443", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-2804", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2208447", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675", }, { source: "secalert@redhat.com", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-2804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2208447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-11-19 04:50
Modified
2024-11-21 01:59
Severity ?
Summary
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
chrome | * | ||
oracle | solaris | 11.3 | |
artifex | gpl_ghostscript | * | |
libjpeg-turbo | libjpeg-turbo | * | |
fedoraproject | fedora | 18 | |
fedoraproject | fedora | 19 | |
fedoraproject | fedora | 20 | |
opensuse | opensuse | 12.2 | |
opensuse | opensuse | 12.3 | |
opensuse | opensuse | 13.1 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 | |
canonical | ubuntu_linux | 13.04 | |
canonical | ubuntu_linux | 13.10 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
mozilla | firefox | * | |
mozilla | firefox_esr | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", matchCriteriaId: "9AC57EF9-A495-423F-AD0D-2425218CC1C4", versionEndExcluding: "31.0.1650.48", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", matchCriteriaId: "79A602C5-61FE-47BA-9786-F045B6C6DBA8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:*", matchCriteriaId: "48EA0775-5691-4AF4-8C0C-2E0E0CF435D0", versionEndExcluding: "9.03", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", matchCriteriaId: "032082CC-42FC-458A-9F96-1D16BAABDDF0", versionEndExcluding: "1.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", matchCriteriaId: "E14271AE-1309-48F3-B9C6-D7DEEC488279", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", matchCriteriaId: "5991814D-CA77-4C25-90D2-DB542B17E0AD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", matchCriteriaId: "D806A17E-B8F9-466D-807D-3F1E77603DC8", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", matchCriteriaId: "01EDA41C-6B2E-49AF-B503-EB3882265C11", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", matchCriteriaId: "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", matchCriteriaId: "7F61F047-129C-41A6-8A27-FFCBB8563E91", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "50A3A702-C2B1-4311-9EBC-D62079E3DCD5", versionEndExcluding: "26.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", matchCriteriaId: "C9F9FD5D-37C7-4FEC-8BA9-A630C5FC4CDD", versionEndExcluding: "24.2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", matchCriteriaId: "D337932C-EF9D-4511-87DB-54262C6635D9", versionEndExcluding: "2.23", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "60375410-A29A-427B-B090-F0E131EC08B5", versionEndExcluding: "24.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.", }, { lang: "es", value: "La función get_sos de jdmarker.c en libjpeg 6b y libjpeg-turbo hasta la versión 1.3.0, tal y como se usa en Google Chrome anterior a la versión 31.0.1650.48, Ghostscript y otros productos, no comprueba ciertas duplicaciones de datos de componentes durante la lectura de segmentos que siguen marcadores Start Of Scan (SOS), lo que permite a atacantes remotos obtener información sensible desde localizaciones de memoria sin inicializar a través de una imagen JPEG manipulada.", }, ], id: "CVE-2013-6629", lastModified: "2024-11-21T01:59:23.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-11-19T04:50:56.250", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2013-0333.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "http://bugs.ghostscript.com/show_bug.cgi?id=686980", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=140852886808946&w=2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=140852886808946&w=2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=140852974709252&w=2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=140852974709252&w=2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1803.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1804.html", }, { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/56175", }, { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/58974", }, { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/59058", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6150", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6162", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6163", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2013/dsa-2799", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:273", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mozilla.org/security/announce/2013/mfsa2013-116.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/63676", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1029470", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1029476", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2052-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2053-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2060-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2014:0413", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=891693", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://code.google.com/p/chromium/issues/detail?id=258723", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201606-03", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://src.chromium.org/viewvc/chrome?revision=229729&view=revision", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=swg21675973", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2013-0333.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "http://bugs.ghostscript.com/show_bug.cgi?id=686980", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=140852886808946&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=140852886808946&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=140852974709252&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=140852974709252&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1803.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1804.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/56175", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/58974", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/59058", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6150", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6162", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2013/dsa-2799", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:273", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mozilla.org/security/announce/2013/mfsa2013-116.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/63676", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1029470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1029476", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2052-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2053-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2060-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2014:0413", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=891693", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://code.google.com/p/chromium/issues/detail?id=258723", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201606-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://src.chromium.org/viewvc/chrome?revision=229729&view=revision", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=swg21675973", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-29 08:29
Modified
2024-11-21 03:58
Severity ?
Summary
libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305 | Exploit, Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/4190-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4190-1/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | 2.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "08B1CB70-7F6D-42A0-8CEE-5990BB54D73B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.", }, { lang: "es", value: "libjpeg-turbo 2.0.1 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en la función put_pixel_rows en wrbmp.c, tal y como queda demostrado con djpeg.", }, ], id: "CVE-2018-19664", lastModified: "2024-11-21T03:58:22.923", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-29T08:29:00.347", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4190-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4190-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-10-10 13:29
Modified
2024-11-21 02:20
Severity ?
Summary
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | * | |
fedoraproject | fedora | 20 | |
fedoraproject | fedora | 21 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", matchCriteriaId: "5A089C39-592A-467A-B446-A5FB50FC42FE", versionEndIncluding: "1.2.90", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", matchCriteriaId: "49A63F39-30BE-443F-AF10-6245587D3359", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.", }, { lang: "es", value: "libjpeg-turbo en versiones anteriores a la 1.3.1 permite que atacantes remotos causen una denegación de servicio (cierre inesperado) mediante un archivo JPEG manipulado, relacionado con el marcador Exif.", }, ], id: "CVE-2014-9092", lastModified: "2024-11-21T02:20:12.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-10T13:29:00.200", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2014/11/26/8", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/71326", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1169845", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://tapani.tarvainen.info/linux/convertbug/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/3706-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/3706-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2014/11/26/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/71326", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1169845", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tapani.tarvainen.info/linux/convertbug/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/3706-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/3706-2/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-21 09:29
Modified
2024-11-21 04:01
Severity ?
Summary
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | 2.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "08B1CB70-7F6D-42A0-8CEE-5990BB54D73B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.", }, { lang: "es", value: "La función tjLoadImage en libjpeg-turbo en 2.0.1 tiene un desbordamiento de enteros con un desbordamiento de búfer basado en memoria dinámica (heap) resultante mediante una imagen BMP. Esto se debe a que se gestiona de manera incorrecta la multiplicación del pitch y la altura, tal y como queda demostrado con tjbench.", }, ], id: "CVE-2018-20330", lastModified: "2024-11-21T04:01:14.810", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-21T09:29:00.247", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4190-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4190-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-10-11 03:29
Modified
2024-11-21 03:14
Severity ?
Summary
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/mozilla/mozjpeg/issues/268 | Exploit, Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3706-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mozilla/mozjpeg/issues/268 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3706-1/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | 1.5.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "FF70D31B-3A3B-4653-B792-3A24CA1C4CD8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.", }, { lang: "es", value: "libjpeg-turbo 1.5.2 tiene una desreferencia de puntero NULL en jdpostct.c y jquant1.c mediante un archivo JPEG manipulado.", }, ], id: "CVE-2017-15232", lastModified: "2024-11-21T03:14:16.280", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-11T03:29:00.197", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/mozilla/mozjpeg/issues/268", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/3706-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/mozilla/mozjpeg/issues/268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/3706-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-10 17:15
Modified
2024-11-21 05:46
Severity ?
Summary
Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | 2.0.90 | |
fedoraproject | fedora | 34 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.90:*:*:*:*:*:*:*", matchCriteriaId: "AA5809B6-0C5C-44C6-A2BF-4CE81A4D9200", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.", }, { lang: "es", value: "Libjpeg-turbo versiones 2.0.91 y 2.0.90, es susceptible a una vulnerabilidad de denegación de servicio causada por una división por cero al procesar una imagen GIF diseñada", }, ], id: "CVE-2021-20205", lastModified: "2024-11-21T05:46:07.737", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-10T17:15:15.033", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1937385", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMLEY6HLVZAGXIOGGPPUAMRJUA6LB3FD/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TM3AHZEYGYFEDL6AW5RLEAJNVRWEJDFL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1937385", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMLEY6HLVZAGXIOGGPPUAMRJUA6LB3FD/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TM3AHZEYGYFEDL6AW5RLEAJNVRWEJDFL/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-369", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-07 23:29
Modified
2024-11-21 03:49
Severity ?
Summary
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | * | |
mozilla | mozjpeg | * | |
fedoraproject | fedora | 28 | |
debian | debian_linux | 8.0 | |
opensuse | leap | 15.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", matchCriteriaId: "148E14BC-8865-41F9-9704-AC4690C6AD3F", versionEndIncluding: "1.5.90", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozjpeg:*:*:*:*:*:*:*:*", matchCriteriaId: "84357B61-BF3B-413A-8F8C-8FAC19F1628C", versionEndIncluding: "3.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", matchCriteriaId: "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.", }, { lang: "es", value: "get_8bit_row en rdbmp.c en libjpeg-turbo, hasta la versión 1.5.90, y MozJPEG, hasta la versión 3.3.1, permite a los atacantes provocar una denegación de servicio (sobrelectura de búfer basada en memoria dinámica [heap]) mediante un BMP de 8-bit manipulado en el que uno o más de los índices de color está fuera de rango en para el número de entradas de paleta.", }, ], id: "CVE-2018-14498", lastModified: "2024-11-21T03:49:11.747", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-07T23:29:00.487", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2052", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:3705", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/mozilla/mozjpeg/issues/299", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4190-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:3705", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/mozilla/mozjpeg/issues/299", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4190-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-18 16:15
Modified
2024-11-21 06:34
Severity ?
Summary
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2 | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", matchCriteriaId: "D00A0BE6-ADFB-43D4-97F5-DE2CEBC13FFB", versionEndIncluding: "2.0.90", versionStartExcluding: "1.5.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.", }, { lang: "es", value: "El lector PPM en libjpeg-turbo versiones hasta 2.0.90, maneja inapropiadamente el uso de tjLoadImage para cargar un archivo PPM binario de 16 bits en un búfer de escala de grises y cargar un archivo PGM binario de 16 bits en un búfer RGB. Esto está relacionado con un desbordamiento del búfer en la región heap de la memoria en la función get_word_rgb_row en rdppm.c", }, ], id: "CVE-2021-46822", lastModified: "2024-11-21T06:34:45.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-18T16:15:08.110", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-01 15:15
Modified
2024-11-21 05:08
Severity ?
Summary
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://cwe.mitre.org/data/definitions/121.html | Third Party Advisory | |
cve@mitre.org | https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/121.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392 | Exploit, Issue Tracking, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", matchCriteriaId: "015A9E46-D87A-474E-9E74-B764FB4EBACC", versionEndExcluding: "2.0.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Libjpeg-turbo all version have a stack-based buffer overflow in the \"transform\" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.", }, { lang: "es", value: "Libjpeg-turbo todas las versiones presentan un desbordamiento de búfer en la región stack de la memoria en el componente \"transform\". Un atacante remoto puede enviar un archivo jpeg malformado al servicio y causar una ejecución de código arbitrario o una denegación del servicio objetivo", }, ], id: "CVE-2020-17541", lastModified: "2024-11-21T05:08:19.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-01T15:15:07.417", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cwe.mitre.org/data/definitions/121.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cwe.mitre.org/data/definitions/121.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-31 16:15
Modified
2024-11-21 05:27
Severity ?
Summary
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30 | Patch, Third Party Advisory | |
secalert@redhat.com | https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441 | Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | 2.0.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5130BD31-63BD-48B0-9B1C-E01B3484FD05", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.", }, { lang: "es", value: "Un archivo de entrada diseñado podría causar una desreferencia de puntero null en la función jcopy_sample_rows() cuando es procesado por libjpeg-turbo", }, ], id: "CVE-2020-35538", lastModified: "2024-11-21T05:27:31.440", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-31T16:15:09.040", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-03 19:15
Modified
2024-11-21 05:01
Severity ?
Summary
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libjpeg-turbo | libjpeg-turbo | 2.0.4 | |
mozilla | mozjpeg | 4.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "F91F79CC-B2C4-4D9E-99AA-5D6A49D41561", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozjpeg:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EA6BBD46-8949-4596-9C32-4593916A6D10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.", }, { lang: "es", value: "libjpeg-turbo versión 2.0.4, y mozjpeg versión 4.0.0, presenta una lectura excesiva del búfer en la región heap de la memoria en la función get_rgb_row() en el archivo rdppm.c por medio de un archivo de entrada PPM malformado.", }, ], id: "CVE-2020-13790", lastModified: "2024-11-21T05:01:51.687", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T19:15:10.817", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202010-03", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4386-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202010-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4386-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }