CVE-2021-29390

Published: 22 Aug 2023
Source: redhat
CVSS3: 7.1
EPSS: Low

Description

libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.

A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.

Report

The amount of memory read is very small and not controllable by an attacker, which lowers the impact of this flaw to Moderate.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | libjpeg-turbo | Out of support scope | | |
| Red Hat Enterprise Linux 7 | libjpeg-turbo | Out of support scope | | |
| Red Hat Enterprise Linux 8 | libjpeg-turbo | Not affected | | |
| Red Hat Enterprise Linux 9 | libjpeg-turbo | Fixed | RHSA-2024:2295 | 30.04.2024 |

Additional information

Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2235521 (libjpeg-turbo: heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c)

EPSS

Percentile: 16%
0.00053
Low

CVSS3: 7.1 High

Related vulnerabilities

CVSS3: 7.1
ubuntu
almost 2 years ago

libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.

CVSS3: 7.1
nvd
almost 2 years ago

libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.

CVSS3: 7.1
debian
almost 2 years ago

libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 byte ...

rocky
more than 1 year ago

Moderate: libjpeg-turbo security update

CVSS3: 9.8
github
almost 2 years ago

libjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c.
