Search CVE reports
31 – 40 of 46 results
Some fixes available 2 of 3
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
1 affected package
libjpeg-turbo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg-turbo | — | — | — | Not affected |
Some fixes available 2 of 3
libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.
1 affected package
libjpeg-turbo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg-turbo | — | — | — | Not affected |
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
1 affected package
libjpeg-turbo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg-turbo | — | — | — | Fixed |
Some fixes available 6 of 24
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
3 affected packages
libjpeg6b, libjpeg-turbo, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg6b | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libjpeg-turbo | Not affected | Not affected | Not affected | Fixed |
| libjpeg9 | Not affected | Not affected | Not affected | Vulnerable |
Some fixes available 4 of 23
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
3 affected packages
libjpeg6b, libjpeg-turbo, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg6b | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Vulnerable |
Some fixes available 4 of 23
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
3 affected packages
libjpeg6b, libjpeg-turbo, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg6b | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Vulnerable |
Some fixes available 4 of 23
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
3 affected packages
libjpeg6b, libjpeg9, libjpeg-turbo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg6b | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libjpeg9 | Not affected | Not affected | Not affected | Vulnerable |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected |
ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.
4 affected packages
tiff, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tiff | Not affected | Not affected | Not affected | Not affected |
| libjpeg-turbo | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libjpeg6b | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libjpeg9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 2 of 3
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
1 affected package
libjpeg-turbo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg-turbo | — | — | — | Fixed |
Some fixes available 1 of 5
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
1 affected package
libjpeg-turbo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg-turbo | — | — | — | Not affected |