CVE-2020-13790

Опубликовано: 25 мая 2020

Источник: redhat

CVSS3: 8.1

EPSS Низкий

Описание

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

A vulnerability was found in libjpeg-turbo, where a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

Отчет

This vulnerability is rated as a moderate because a heap-based buffer over-read exists in the get_rgb_row() function within rdppm.c when processing a malformed PPM input file, this issue may lead to information leakage or crashes, it does not inherently allow code execution or privilege escalation.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libjpeg-turbo	Out of support scope
Red Hat Enterprise Linux 7	libjpeg-turbo	Will not fix
Red Hat Enterprise Linux 8	libjpeg-turbo	Fixed	RHSA-2025:7540	14.05.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1847155libjpeg-turbo: heap-based buffer over-read in get_rgb_row() in rdppm.c

EPSS

Процентиль: 65%

0.00483

Низкий

8.1 High

CVSS3

Связанные уязвимости

CVE-2020-13790

CVSS3: 8.1

ubuntu

почти 6 лет назад

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

CVE-2020-13790

CVSS3: 8.1

nvd

почти 6 лет назад

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

CVE-2020-13790

CVSS3: 8.1

debian

почти 6 лет назад

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...

openSUSE-SU-2020:1458-1

suse-cvrf

больше 5 лет назад

Security update for libjpeg-turbo

openSUSE-SU-2020:1413-1

suse-cvrf

больше 5 лет назад

Security update for libjpeg-turbo

EPSS

Процентиль: 65%

0.00483

Низкий

8.1 High

CVSS3