Описание
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-13790
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a
- https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK
- https://security.gentoo.org/glsa/202010-03
- https://usn.ubuntu.com/4386-1
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html
EPSS
Процентиль: 67%
0.00547
Низкий
CVE ID
Связанные уязвимости
CVSS3: 8.1
ubuntu
около 5 лет назад
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
CVSS3: 8.1
redhat
около 5 лет назад
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
CVSS3: 8.1
nvd
около 5 лет назад
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
CVSS3: 8.1
debian
около 5 лет назад
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...
EPSS
Процентиль: 67%
0.00547
Низкий