Libjpeg
by Luadist
Source repositories
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6702 | Hig | 0.51 | 7.8 | 0.00 | Nov 25, 2016 | A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due… | ||
| CVE-2023-37836 | 0.00 | — | 0.00 | Jul 13, 2023 | libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | |||
| CVE-2023-37837 | 0.00 | — | 0.00 | Jul 13, 2023 | libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | |||
| CVE-2022-37770 | 0.00 | — | 0.00 | Aug 18, 2022 | libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | |||
| CVE-2022-37769 | 0.00 | — | 0.00 | Aug 18, 2022 | libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | |||
| CVE-2022-35166 | 0.00 | — | 0.00 | Aug 18, 2022 | libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal. | |||
| CVE-2022-32978 | 0.00 | — | 0.00 | Jun 10, 2022 | There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. | |||
| CVE-2022-32201 | 0.00 | — | 0.00 | Jun 1, 2022 | In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. | |||
| CVE-2022-32202 | 0.00 | — | 0.00 | Jun 1, 2022 | In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. | |||
| CVE-2022-31620 | 0.00 | — | 0.00 | May 25, 2022 | In libjpeg before 1.64, BitStream::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan. | |||
| CVE-2021-39518 | 0.00 | — | 0.00 | Sep 20, 2021 | An issue was discovered in libjpeg through 2020021. LineBuffer::FetchRegion() in linebuffer.cpp has a heap-based buffer overflow. | |||
| CVE-2021-39517 | 0.00 | — | 0.00 | Sep 20, 2021 | An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service. | |||
| CVE-2021-39514 | 0.00 | — | 0.00 | Sep 20, 2021 | An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service. | |||
| CVE-2021-39520 | 0.00 | — | 0.00 | Sep 20, 2021 | An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service. | |||
| CVE-2020-14152 | 0.00 | — | 0.01 | Jun 15, 2020 | In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. | |||
| CVE-2020-14153 | 0.00 | — | 0.00 | Jun 15, 2020 | In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers. | |||
| CVE-2018-11214 | 0.00 | — | 0.01 | May 16, 2018 | An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. |
- risk 0.51cvss 7.8epss 0.00
A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due…
- CVE-2023-37836Jul 13, 2023risk 0.00cvss —epss 0.00
libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2023-37837Jul 13, 2023risk 0.00cvss —epss 0.00
libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2022-37770Aug 18, 2022risk 0.00cvss —epss 0.00
libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2022-37769Aug 18, 2022risk 0.00cvss —epss 0.00
libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2022-35166Aug 18, 2022risk 0.00cvss —epss 0.00
libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.
- CVE-2022-32978Jun 10, 2022risk 0.00cvss —epss 0.00
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan.
- CVE-2022-32201Jun 1, 2022risk 0.00cvss —epss 0.00
In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp.
- CVE-2022-32202Jun 1, 2022risk 0.00cvss —epss 0.00
In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.
- CVE-2022-31620May 25, 2022risk 0.00cvss —epss 0.00
In libjpeg before 1.64, BitStream::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan.
- CVE-2021-39518Sep 20, 2021risk 0.00cvss —epss 0.00
An issue was discovered in libjpeg through 2020021. LineBuffer::FetchRegion() in linebuffer.cpp has a heap-based buffer overflow.
- CVE-2021-39517Sep 20, 2021risk 0.00cvss —epss 0.00
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.
- CVE-2021-39514Sep 20, 2021risk 0.00cvss —epss 0.00
An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service.
- CVE-2021-39520Sep 20, 2021risk 0.00cvss —epss 0.00
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.
- CVE-2020-14152Jun 15, 2020risk 0.00cvss —epss 0.01
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.
- CVE-2020-14153Jun 15, 2020risk 0.00cvss —epss 0.00
In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.
- CVE-2018-11214May 16, 2018risk 0.00cvss —epss 0.01
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.