CVE-2020-13790

Опубликовано: 03 июн. 2020

Источник: debian

Описание

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

Пакет	Статус	Версия исправления	Релиз	Тип
libjpeg-turbo	fixed	1:2.0.5-1		package
libjpeg-turbo	fixed	1:1.5.2-2+deb10u1	buster	package
libjpeg-turbo	ignored		jessie	package

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x)
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x)

CVE-2020-13790

CVSS3: 8.1

ubuntu

около 5 лет назад

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

CVE-2020-13790

CVSS3: 8.1

redhat

около 5 лет назад

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

CVE-2020-13790

CVSS3: 8.1

nvd

около 5 лет назад

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

openSUSE-SU-2020:1458-1

suse-cvrf

почти 5 лет назад

Security update for libjpeg-turbo

openSUSE-SU-2020:1413-1

suse-cvrf

почти 5 лет назад

Security update for libjpeg-turbo