libjpeg-turbo 1.5.90

CPE Details

libjpeg-turbo 1.5.90
libjpeg-turbo
libjpeg-turbo
1.5.90
2019-06-14
15h52 +00:00
2019-06-14
15h52 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*

Informations

Vendor

libjpeg-turbo

Product

libjpeg-turbo

Version

1.5.90

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-46822 2022-06-18 13h27 +00:00 The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.
5.5
Medium
CVE-2020-17541 2021-06-01 12h44 +00:00 Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.
8.8
High
CVE-2018-14498 2019-03-07 21h00 +00:00 get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
6.5
Medium
CVE-2018-1152 2018-06-18 14h00 +00:00 libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
6.5
Medium