Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (8)
| Vulnerability |
Summary |
Aliases |
|
VCID-9ewc-ttxk-eufx
|
Out-of-bounds Write
libjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c.
|
CVE-2021-29390
|
|
VCID-b91f-d2h1-8ya5
|
Out-of-bounds Write
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.
|
CVE-2023-2804
|
|
VCID-bz3a-w43e-y7fb
|
libjpeg-turbo: DoS via open crafted GIF
|
CVE-2021-20205
|
|
VCID-ed2r-h2fk-kqfq
|
A vulnerability in libjpeg-turbo could result in execution of
arbitrary code or Denial of Service.
|
CVE-2012-2806
|
|
VCID-qbwh-xe67-rkdu
|
libjpeg-turbo: heap-based buffer overflow in tjLoadImage
|
CVE-2018-20330
|
|
VCID-uu2t-7ffz-j7bm
|
libjpeg-turbo: heap-based buffer over-read in the put_pixel_rows function in wrbmp.c
|
CVE-2018-19664
|
|
VCID-wejg-2zp8-1yd3
|
libjpeg: out-of-bounds read for certain table pointers in jdhuff.c
|
CVE-2020-14153
|
|
VCID-y4q6-9s32-rkej
|
A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.
|
CVE-2016-6702
|