CVE-2020-14152

Опубликовано: 15 июн. 2020

Источник: debian

Описание

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libjpeg9	fixed	1:9d-1		package
libjpeg-turbo	fixed	1:1.5.2-1		package
libjpeg-turbo	no-dsa		jessie	package

Примечания

https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933

Связанные уязвимости

CVE-2020-14152

CVSS3: 7.1

ubuntu

больше 5 лет назад

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

CVE-2020-14152

CVSS3: 7.1

redhat

больше 5 лет назад

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

CVE-2020-14152

CVSS3: 7.1

nvd

больше 5 лет назад

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

CVE-2020-14152

CVSS3: 7.1

msrc

11 месяцев назад

Описание отсутствует

GHSA-q4xh-9r6f-9fg6

CVSS3: 7.1

github

больше 3 лет назад

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.