CVE search results

21 – 30 of 46 results

Detailed view

Sort by:

CVE-2020-17541

Low priority

Some fixes available 4 of 5

Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.

1 affected package

libjpeg-turbo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libjpeg-turbo	—	Not affected	Fixed	Fixed

CVE-2021-20205

Low priority

Not affected

Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.

1 affected package

libjpeg-turbo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libjpeg-turbo	—	—	Not affected	Not affected

CVE-2021-0384

Low priority

Not affected

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

1 affected package

libjpeg-turbo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libjpeg-turbo	—	—	Not affected	Not affected

CVE-2020-14153

Low priority

Some fixes available 1 of 8

In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.

3 affected packages

libjpeg6b, libjpeg-turbo, libjpeg9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libjpeg6b	Not affected	Not affected	Not affected	Not affected
libjpeg-turbo	Not affected	Not affected	Not affected	Not affected
libjpeg9	Not affected	Not affected	Not affected	Vulnerable

CVE-2020-14152

Low priority

Some fixes available 5 of 20

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

3 affected packages

libjpeg-turbo, libjpeg9, libjpeg6b

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libjpeg-turbo	Not affected	Not affected	Not affected	Not affected
libjpeg9	Not affected	Not affected	Not affected	Vulnerable
libjpeg6b	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2020-14151

Low priority

Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11813. Reason: This candidate is a duplicate of CVE-2018-11813. Notes: All CVE users should reference [ID] instead of this candidate. All references and...

3 affected packages

libjpeg-turbo, libjpeg6b, libjpeg9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libjpeg-turbo	—	—	Not affected	Not affected
libjpeg6b	—	—	Not affected	Not affected
libjpeg9	—	—	Not affected	Not affected

CVE-2020-13790

Medium priority

Fixed

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

1 affected package

libjpeg-turbo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libjpeg-turbo	—	—	Fixed	Fixed

CVE-2019-2201

Medium priority

Fixed

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution...

1 affected package

libjpeg-turbo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libjpeg-turbo	—	—	—	Fixed

CVE-2019-13960

Negligible priority

Ignored

In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in...

1 affected package

libjpeg-turbo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libjpeg-turbo	—	—	Not affected	Not affected

CVE-2018-14498

Low priority

Some fixes available 3 of 4

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of...

1 affected package

libjpeg-turbo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libjpeg-turbo	—	Not affected	Not affected	Fixed

Export to JSON

Results by page:

Search CVE reports