CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19664
https://notcve.org/view.php?id=CVE-2018-19664
libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. libjpeg-turbo 2.0.1 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en la función put_pixel_rows en wrbmp.c, tal y como queda demostrado con djpeg. • https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305 https://usn.ubuntu.com/4190-1 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1152
https://notcve.org/view.php?id=CVE-2018-1152
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. libjpeg-turbo 1.5.90 es vulnerable a una denegación de servicio (DoS) provocada por una división entre cero al procesar una imagen BMP manipulada. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html http://www.securityfocus.com/bid/104543 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6 https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html https://usn.ubuntu.com/3706-1 https://usn.ubuntu.com/3706-2 https://www.tenab • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15232
https://notcve.org/view.php?id=CVE-2017-15232
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. libjpeg-turbo 1.5.2 tiene una desreferencia de puntero NULL en jdpostct.c y jquant1.c mediante un archivo JPEG manipulado. • https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182 https://github.com/mozilla/mozjpeg/issues/268 https://usn.ubuntu.com/3706-1 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-3616 – libjpeg: null pointer dereference in cjpeg
https://notcve.org/view.php?id=CVE-2016-3616
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. La utilidad cjpeg en libjpeg permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) o ejecutar código arbitrario a través de un archivo manipulado. • https://access.redhat.com/errata/RHSA-2019:2052 https://bugzilla.redhat.com/show_bug.cgi?id=1318509 https://bugzilla.redhat.com/show_bug.cgi?id=1319661 https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html https://usn.ubuntu.com/3706-1 https://usn.ubuntu.com/3706-2 https://access.redhat.com/security/cve/CVE-2016-3616 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2014-9092
https://notcve.org/view.php?id=CVE-2014-9092
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. libjpeg-turbo en versiones anteriores a la 1.3.1 permite que atacantes remotos causen una denegación de servicio (cierre inesperado) mediante un archivo JPEG manipulado, relacionado con el marcador Exif. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f http://www.openwall.com/lists/oss-security/2014/11/26/8 http://www.securityfocus.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •