Libjpeg Turbo
Source repositories
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9614 | Hig | 0.61 | 8.8 | 0.08 | Jul 27, 2017 | The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a… | ||
| CVE-2016-3616 | Hig | 0.58 | 8.8 | 0.04 | Feb 13, 2017 | The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. | ||
| CVE-2012-2806 | Hig | 0.58 | 8.8 | 0.05 | Aug 13, 2012 | Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image. | ||
| CVE-2018-11813 | Hig | 0.49 | 7.5 | 0.03 | Jun 6, 2018 | libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. | ||
| CVE-2014-9092 | Med | 0.43 | 6.5 | 0.03 | Oct 10, 2017 | libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | ||
| CVE-2018-11214 | Med | 0.42 | 6.5 | 0.02 | May 16, 2018 | An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | ||
| CVE-2018-11213 | Med | 0.42 | 6.5 | 0.03 | May 16, 2018 | An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | ||
| CVE-2018-10126 | Med | 0.42 | 6.5 | 0.02 | Apr 21, 2018 | ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c. | ||
| CVE-2017-15232 | Med | 0.42 | 6.5 | 0.02 | Oct 11, 2017 | libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. | ||
| CVE-2013-6629 | 0.01 | — | 0.10 | Nov 19, 2013 | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of… | |||
| CVE-2021-29390 | 0.00 | — | 0.01 | Aug 22, 2023 | libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. | |||
| CVE-2023-2804 | 0.00 | — | 0.01 | May 25, 2023 | A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range,… | |||
| CVE-2020-35538 | 0.00 | — | 0.00 | Aug 31, 2022 | A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. | |||
| CVE-2022-37768 | 0.00 | — | 0.01 | Aug 18, 2022 | libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer. | |||
| CVE-2021-46822 | 0.00 | — | 0.01 | Jun 18, 2022 | The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in… | |||
| CVE-2022-31796 | 0.00 | — | 0.01 | May 29, 2022 | libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. | |||
| CVE-2021-37972 | 0.00 | — | 0.02 | Oct 8, 2021 | Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39519 | 0.00 | — | 0.01 | Sep 20, 2021 | An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PullQData() located in blockbitmaprequester.cpp It allows an attacker to cause Denial of Service. | |||
| CVE-2020-17541 | 0.00 | — | 0.03 | Jun 1, 2021 | Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. | |||
| CVE-2021-20205 | 0.00 | — | 0.01 | Mar 10, 2021 | Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. |
- risk 0.61cvss 8.8epss 0.08
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a…
- risk 0.58cvss 8.8epss 0.04
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
- risk 0.58cvss 8.8epss 0.05
Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.
- risk 0.49cvss 7.5epss 0.03
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
- risk 0.43cvss 6.5epss 0.03
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
- risk 0.42cvss 6.5epss 0.03
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
- risk 0.42cvss 6.5epss 0.02
ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.
- risk 0.42cvss 6.5epss 0.02
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
- CVE-2013-6629Nov 19, 2013risk 0.01cvss —epss 0.10
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of…
- CVE-2021-29390Aug 22, 2023risk 0.00cvss —epss 0.01
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
- CVE-2023-2804May 25, 2023risk 0.00cvss —epss 0.01
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range,…
- CVE-2020-35538Aug 31, 2022risk 0.00cvss —epss 0.00
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
- CVE-2022-37768Aug 18, 2022risk 0.00cvss —epss 0.01
libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer.
- CVE-2021-46822Jun 18, 2022risk 0.00cvss —epss 0.01
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in…
- CVE-2022-31796May 29, 2022risk 0.00cvss —epss 0.01
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.
- CVE-2021-37972Oct 8, 2021risk 0.00cvss —epss 0.02
Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-39519Sep 20, 2021risk 0.00cvss —epss 0.01
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PullQData() located in blockbitmaprequester.cpp It allows an attacker to cause Denial of Service.
- CVE-2020-17541Jun 1, 2021risk 0.00cvss —epss 0.03
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.
- CVE-2021-20205Mar 10, 2021risk 0.00cvss —epss 0.01
Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.
Page 1 of 2