CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35538 – Ubuntu Security Notice USN-5631-1
https://notcve.org/view.php?id=CVE-2020-35538
31 Aug 2022 — A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. Un archivo de entrada diseñado podría causar una desreferencia de puntero null en la función jcopy_sample_rows() cuando es procesado por libjpeg-turbo It was discovered that libjpeg-turbo incorrectly handled certain EOF characters. An attacker could possibly use this issue to cause libjpeg-turbo to consume resource, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. It ... • https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-46822 – libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c
https://notcve.org/view.php?id=CVE-2021-46822
18 Jun 2022 — The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. El lector PPM en libjpeg-turbo versiones hasta 2.0.90, maneja inapropiadamente el uso de tjLoadImage para cargar un archivo PPM binario de 16 bits en un búfer de escala de grises y cargar un archivo PGM binario de 16 bits en... • https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •