Libjpeg Turbo

by Libjpeg Turbo

CVEs (27)

  • CVE-2017-9614 · High · Jul 27, 2017
    risk 0.61 · cvss 8.8 · epss 0.08

    The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a…

  • CVE-2016-3616 · High · Feb 13, 2017
    risk 0.58 · cvss 8.8 · epss 0.04

    The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

  • CVE-2012-2806 · High · Aug 13, 2012
    risk 0.58 · cvss 8.8 · epss 0.05

    Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.

  • CVE-2018-11813 · High · Jun 6, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

  • CVE-2014-9092 · Medium · Oct 10, 2017
    risk 0.43 · cvss 6.5 · epss 0.03

    libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

  • CVE-2018-11214 · Medium · May 16, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

  • CVE-2018-11213 · Medium · May 16, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

  • CVE-2018-10126 · Medium · Apr 21, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.

  • CVE-2017-15232 · Medium · Oct 11, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.

  • CVE-2013-6629 · Nov 19, 2013
    risk 0.01 · cvss · epss 0.10

    The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of…

  • CVE-2021-29390 · Aug 22, 2023
    risk 0.00 · cvss · epss 0.01

    libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.

  • CVE-2023-2804 · May 25, 2023
    risk 0.00 · cvss · epss 0.01

    A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range,…

  • CVE-2020-35538 · Aug 31, 2022
    risk 0.00 · cvss · epss 0.00

    A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.

  • CVE-2022-37768 · Aug 18, 2022
    risk 0.00 · cvss · epss 0.01

    libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer.

  • CVE-2021-46822 · Jun 18, 2022
    risk 0.00 · cvss · epss 0.01

    The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in…

  • CVE-2022-31796 · May 29, 2022
    risk 0.00 · cvss · epss 0.01

    libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.

  • CVE-2021-37972 · Oct 8, 2021
    risk 0.00 · cvss · epss 0.02

    Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-39519 · Sep 20, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PullQData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.

  • CVE-2020-17541 · Jun 1, 2021
    risk 0.00 · cvss · epss 0.03

    All versions of libjpeg-turbo have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.

  • CVE-2021-20205 · Mar 10, 2021
    risk 0.00 · cvss · epss 0.01

    Libjpeg-turbo versions 2.0.91 and 2.0.90 are vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.