CVE-2022-31796

Опубликовано: 02 июн. 2022

Источник: debian

Описание

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libjpeg	fixed	0.0~git20220615.842c7ba-1		package

Примечания

https://github.com/thorfdbg/libjpeg/issues/71
https://github.com/thorfdbg/libjpeg/commit/187035b9726710b4fe11d565c7808975c930895d
Crash in CLI tool, no security impact

Связанные уязвимости

CVE-2022-31796

CVSS3: 6.5

ubuntu

больше 3 лет назад

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.

CVE-2022-31796

CVSS3: 6.5

nvd

больше 3 лет назад

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.

GHSA-hxpg-2x22-5xr4

CVSS3: 6.5

github

больше 3 лет назад

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.