Vendor CVEs
Libjpeg Turbo
All CVEs
27 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9614 | Hig | 0.61 | 8.8 | 0.08 | Jul 27, 2017 | The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a… | ||
| CVE-2016-3616 | Hig | 0.58 | 8.8 | 0.04 | Feb 13, 2017 | The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. | ||
| CVE-2012-2806 | Hig | 0.58 | 8.8 | 0.05 | Aug 13, 2012 | Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image. | ||
| CVE-2018-11813 | Hig | 0.49 | 7.5 | 0.03 | Jun 6, 2018 | libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. | ||
| CVE-2014-9092 | Med | 0.43 | 6.5 | 0.03 | Oct 10, 2017 | libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | ||
| CVE-2018-11214 | Med | 0.42 | 6.5 | 0.02 | May 16, 2018 | An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | ||
| CVE-2018-11213 | Med | 0.42 | 6.5 | 0.03 | May 16, 2018 | An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | ||
| CVE-2018-10126 | Med | 0.42 | 6.5 | 0.02 | Apr 21, 2018 | ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c. | ||
| CVE-2017-15232 | Med | 0.42 | 6.5 | 0.02 | Oct 11, 2017 | libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. | ||
| CVE-2013-6629 | 0.01 | — | 0.10 | Nov 19, 2013 | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of… | |||
| CVE-2021-29390 | 0.00 | — | 0.01 | Aug 22, 2023 | libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. | |||
| CVE-2023-2804 | 0.00 | — | 0.01 | May 25, 2023 | A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range,… | |||
| CVE-2020-35538 | 0.00 | — | 0.00 | Aug 31, 2022 | A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. | |||
| CVE-2022-37768 | 0.00 | — | 0.01 | Aug 18, 2022 | libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer. | |||
| CVE-2021-46822 | 0.00 | — | 0.01 | Jun 18, 2022 | The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in… | |||
| CVE-2022-31796 | 0.00 | — | 0.01 | May 29, 2022 | libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. | |||
| CVE-2021-37972 | 0.00 | — | 0.02 | Oct 8, 2021 | Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39519 | 0.00 | — | 0.01 | Sep 20, 2021 | An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PullQData() located in blockbitmaprequester.cpp It allows an attacker to cause Denial of Service. | |||
| CVE-2020-17541 | 0.00 | — | 0.03 | Jun 1, 2021 | Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. | |||
| CVE-2021-20205 | 0.00 | — | 0.01 | Mar 10, 2021 | Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. | |||
| CVE-2020-13790 | 0.00 | — | 0.03 | Jun 3, 2020 | libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | |||
| CVE-2019-13960 | 0.00 | — | 0.01 | Jul 18, 2019 | In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of… | |||
| CVE-2018-14498 | 0.00 | — | 0.03 | Mar 7, 2019 | get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of… | |||
| CVE-2018-20330 | 0.00 | — | 0.02 | Dec 21, 2018 | The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench. | |||
| CVE-2018-19664 | 0.00 | — | 0.02 | Nov 29, 2018 | libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. | |||
| CVE-2018-1152 | Med | 0.00 | 6.5 | 0.03 | Jun 18, 2018 | libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. | ||
| CVE-2013-6630 | 0.00 | — | 0.02 | Nov 19, 2013 | The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers,… |
- risk 0.61cvss 8.8epss 0.08
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a…
- risk 0.58cvss 8.8epss 0.04
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
- risk 0.58cvss 8.8epss 0.05
Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.
- risk 0.49cvss 7.5epss 0.03
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
- risk 0.43cvss 6.5epss 0.03
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
- risk 0.42cvss 6.5epss 0.03
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
- risk 0.42cvss 6.5epss 0.02
ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.
- risk 0.42cvss 6.5epss 0.02
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
- CVE-2013-6629Nov 19, 2013risk 0.01cvss —epss 0.10
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of…
- CVE-2021-29390Aug 22, 2023risk 0.00cvss —epss 0.01
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
- CVE-2023-2804May 25, 2023risk 0.00cvss —epss 0.01
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range,…
- CVE-2020-35538Aug 31, 2022risk 0.00cvss —epss 0.00
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
- CVE-2022-37768Aug 18, 2022risk 0.00cvss —epss 0.01
libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer.
- CVE-2021-46822Jun 18, 2022risk 0.00cvss —epss 0.01
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in…
- CVE-2022-31796May 29, 2022risk 0.00cvss —epss 0.01
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.
- CVE-2021-37972Oct 8, 2021risk 0.00cvss —epss 0.02
Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-39519Sep 20, 2021risk 0.00cvss —epss 0.01
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PullQData() located in blockbitmaprequester.cpp It allows an attacker to cause Denial of Service.
- CVE-2020-17541Jun 1, 2021risk 0.00cvss —epss 0.03
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.
- CVE-2021-20205Mar 10, 2021risk 0.00cvss —epss 0.01
Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.
- CVE-2020-13790Jun 3, 2020risk 0.00cvss —epss 0.03
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
- CVE-2019-13960Jul 18, 2019risk 0.00cvss —epss 0.01
In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of…
- CVE-2018-14498Mar 7, 2019risk 0.00cvss —epss 0.03
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of…
- CVE-2018-20330Dec 21, 2018risk 0.00cvss —epss 0.02
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
- CVE-2018-19664Nov 29, 2018risk 0.00cvss —epss 0.02
libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.
- risk 0.00cvss 6.5epss 0.03
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
- CVE-2013-6630Nov 19, 2013risk 0.00cvss —epss 0.02
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers,…