CPE Details
libjpeg-turbo 2.0.2
2.0.2
2019-06-14
15h52 +00:00
15h52 +00:00
2019-06-14
15h52 +00:00
15h52 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.2:*:*:*:*:*:*:*
Informations
Vendor
libjpeg-turboProduct
libjpeg-turboVersion
2.0.2Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. | 5.5 |
Medium |
||
| Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. | 8.8 |
High |
||
| In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes | 5.5 |
Medium |
2025©
tesweb SA
