Unrated severity · NVD Advisory · Published Jun 3, 2020 · Updated Aug 4, 2024
CVE-2020-13790
Description
libjpeg-turbo 2.0.4 and mozjpeg 4.0.0 have a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
Affected products (27)
- libjpeg-turbo/libjpeg-turbo (description)
- Range: =2.0.4
- osv-coords (24 versions)
- pkg:rpm/almalinux/libjpeg-turbo (no CPE), range: < 1.5.3-14.el8_10
- pkg:rpm/almalinux/libjpeg-turbo-devel (no CPE), range: < 1.5.3-14.el8_10
- pkg:rpm/almalinux/libjpeg-turbo-utils (no CPE), range: < 1.5.3-14.el8_10
- pkg:rpm/almalinux/turbojpeg (no CPE), range: < 1.5.3-14.el8_10
- pkg:rpm/almalinux/turbojpeg-devel (no CPE), range: < 1.5.3-14.el8_10
- pkg:rpm/opensuse/libjpeg62-turbo&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 1.5.3-lp151.6.6.1
- pkg:rpm/opensuse/libjpeg62-turbo&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 1.5.3-lp152.8.3.1
- pkg:rpm/opensuse/libjpeg-turbo&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 1.5.3-lp151.6.6.1
- pkg:rpm/opensuse/libjpeg-turbo&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 1.5.3-lp152.8.3.1
- pkg:rpm/opensuse/libjpeg-turbo&distro=openSUSE%20Tumbleweed (no CPE), range: < 8.2.2-65.2
- pkg:rpm/suse/libjpeg62-turbo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 (no CPE), range: < 1.5.3-5.15.7
- pkg:rpm/suse/libjpeg62-turbo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 1.5.3-5.15.7
- pkg:rpm/suse/libjpeg62-turbo&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 1.5.3-31.22.2
- pkg:rpm/suse/libjpeg62-turbo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 1.5.3-31.22.2
- pkg:rpm/suse/libjpeg62-turbo&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 1.5.3-31.22.2
- pkg:rpm/suse/libjpeg-turbo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 (no CPE), range: < 1.5.3-5.15.7
- pkg:rpm/suse/libjpeg-turbo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 1.5.3-5.15.7
- pkg:rpm/suse/libjpeg-turbo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 (no CPE), range: < 1.5.3-5.15.7
- pkg:rpm/suse/libjpeg-turbo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 (no CPE), range: < 1.5.3-5.15.7
- pkg:rpm/suse/libjpeg-turbo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1 (no CPE), range: < 1.5.3-5.15.7
- pkg:rpm/suse/libjpeg-turbo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2 (no CPE), range: < 1.5.3-5.15.7
- pkg:rpm/suse/libjpeg-turbo&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 1.5.3-31.22.2
- pkg:rpm/suse/libjpeg-turbo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 1.5.3-31.22.2
- pkg:rpm/suse/libjpeg-turbo&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 1.5.3-31.22.2
References (9)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202010-03 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/4386-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (mitre, x_refsource_MISC)
- github.com/libjpeg-turbo/libjpeg-turbo/issues/433 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2020/07/msg00033.html (mitre, mailing-list, x_refsource_MLIST)