Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-46822

Опубликовано: 07 апр. 2021
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.

Отчет

The only way that users could potentially encounter these issues is through the tjLoadImage() function. TJBench and cjpeg are unaffected. RHEL-8 ships libjpeg-turbo v1.5.3 which does not include vulnerable tjLoadImage() functionality.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libjpeg-turboNot affected
Red Hat Enterprise Linux 7libjpeg-turboNot affected
Red Hat Enterprise Linux 8libjpeg-turboNot affected
Red Hat Enterprise Linux 9libjpeg-turboFixedRHSA-2023:106806.03.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2100044libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c

EPSS

Процентиль: 18%
0.00058
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-46822

CVSS3: 5.5
ubuntu
около 3 лет назад

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

nvd логотип

CVE-2021-46822

CVSS3: 5.5
nvd
около 3 лет назад

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

msrc логотип

CVE-2021-46822

CVSS3: 5.5
msrc
около 3 лет назад

Описание отсутствует

debian логотип

CVE-2021-46822

CVSS3: 5.5
debian
около 3 лет назад

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoa ...

rocky логотип

RLSA-2023:1068

rocky
больше 2 лет назад

Moderate: libjpeg-turbo security update

EPSS

Процентиль: 18%
0.00058
Низкий

5.5 Medium

CVSS3