VYPR

rpm package

opensuse/libjpeg-turbo&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/libjpeg-turbo&distro=openSUSE%20Tumbleweed

Vulnerabilities (9)

  • CVE-2023-2804 May 25, 2023
    affected < 8.3.2-77.1, fixed 8.3.2-77.1

    A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence,

  • CVE-2020-13790 Jun 3, 2020
    affected < 8.2.2-65.2, fixed 8.2.2-65.2

    libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

  • CVE-2018-19644 Mar 27, 2019
    affected < 8.2.2-65.2, fixed 8.2.2-65.2

    Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

  • CVE-2018-20330 Dec 21, 2018
    affected < 8.2.2-65.2, fixed 8.2.2-65.2

    The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.

  • CVE-2018-19664 Nov 29, 2018
    affected < 8.2.2-65.2, fixed 8.2.2-65.2

    libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.

  • CVE-2018-1152 Med Jun 18, 2018
    affected < 8.2.2-65.2, fixed 8.2.2-65.2

    libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

  • CVE-2018-11813 Hig Jun 6, 2018
    affected < 8.2.2-65.2, fixed 8.2.2-65.2

    libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

  • CVE-2017-15232 Med Oct 11, 2017
    affected < 8.2.2-65.2, fixed 8.2.2-65.2

    libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.

  • CVE-2014-9092 Med Oct 10, 2017
    affected < 8.1.2-40.2, fixed 8.1.2-40.2

    libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.