CVE-2020-17541

Опубликовано: 01 июн. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.

Ссылки

https://cwe.mitre.org/data/definitions/121.html
Third Party Advisory
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
Exploit
Issue Tracking
Patch
Third Party Advisory
https://cwe.mitre.org/data/definitions/121.html
Third Party Advisory
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*

Версия до 2.0.4 (исключая)

EPSS

Процентиль: 68%

0.00564

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2020-17541

CVSS3: 8.8

ubuntu

около 4 лет назад

CVE-2020-17541

CVSS3: 8.8

redhat

около 4 лет назад

CVE-2020-17541

CVSS3: 8.8

msrc

около 4 лет назад

Описание отсутствует

CVE-2020-17541

CVSS3: 8.8

debian

около 4 лет назад

Libjpeg-turbo all version have a stack-based buffer overflow in the "t ...

openSUSE-SU-2021:1958-1

suse-cvrf

около 4 лет назад

Security update for libjpeg-turbo

EPSS

Процентиль: 68%

0.00564

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787