
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Nov 2018 — libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was ... • https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305 • CWE-125: Out-of-bounds Read

CVSS: 6.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

18 Jun 2018 — libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html • CWE-369: Divide By Zero

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Oct 2017 — libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. • https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182 • CWE-476: NULL Pointer Dereference

CVSS: 8.8 • EPSS: 1% • CPEs: 8 • EXPL: 0

13 Feb 2017 — The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs... • https://access.redhat.com/errata/RHSA-2019:2052 • CWE-476: NULL Pointer Dereference

CVSS: 6.5 • EPSS: 1% • CPEs: 6 • EXPL: 0

08 Jan 2015 — libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. USN-3706-1 fixed a vulnerability in libjpeg-turbo. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libjpeg-turbo incorrectly... • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 0% • CPEs: 21 • EXPL: 0

12 Nov 2013 — The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. • http://advisories.mageia.org/MGASA-2013-0333.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-456: Missing Initialization of a Variable