Libjpeg Turbo
Source repositories
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-13790 | 0.00 | — | 0.03 | Jun 3, 2020 | libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | |||
| CVE-2019-13960 | 0.00 | — | 0.01 | Jul 18, 2019 | In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of… | |||
| CVE-2018-14498 | 0.00 | — | 0.03 | Mar 7, 2019 | get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of… | |||
| CVE-2018-20330 | 0.00 | — | 0.02 | Dec 21, 2018 | The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench. | |||
| CVE-2018-19664 | 0.00 | — | 0.02 | Nov 29, 2018 | libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. | |||
| CVE-2018-1152 | Med | 0.00 | 6.5 | 0.03 | Jun 18, 2018 | libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. | ||
| CVE-2013-6630 | 0.00 | — | 0.02 | Nov 19, 2013 | The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers,… |
- CVE-2020-13790Jun 3, 2020risk 0.00cvss —epss 0.03
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
- CVE-2019-13960Jul 18, 2019risk 0.00cvss —epss 0.01
In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of…
- CVE-2018-14498Mar 7, 2019risk 0.00cvss —epss 0.03
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of…
- CVE-2018-20330Dec 21, 2018risk 0.00cvss —epss 0.02
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
- CVE-2018-19664Nov 29, 2018risk 0.00cvss —epss 0.02
libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.
- risk 0.00cvss 6.5epss 0.03
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
- CVE-2013-6630Nov 19, 2013risk 0.00cvss —epss 0.02
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers,…
Page 2 of 2