CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-17541 – libjpeg-turbo: Stack-based buffer overflow in the "transform" component
https://notcve.org/view.php?id=CVE-2020-17541
01 Jun 2021 — Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. Libjpeg-turbo todas las versiones presentan un desbordamiento de búfer en la región stack de la memoria en el componente "transform". Un atacante remoto puede enviar un archivo jpeg malformado al servicio y causar una ejecución de código arbitrario o una denegación del servicio... • https://cwe.mitre.org/data/definitions/121.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 2CVE-2018-14498 – libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service
https://notcve.org/view.php?id=CVE-2018-14498
07 Mar 2019 — get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. get_8bit_row en rdbmp.c en libjpeg-turbo, hasta la versión 1.5.90, y MozJPEG, hasta la versión 3.3.1, permite a los atacantes provocar una denegación de servicio (sobrelectura de búfer basada en memoria dinámica [he... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2014-9092 – Mandriva Linux Security Advisory 2015-014
https://notcve.org/view.php?id=CVE-2014-9092
08 Jan 2015 — libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. libjpeg-turbo en versiones anteriores a la 1.3.1 permite que atacantes remotos causen una denegación de servicio (cierre inesperado) mediante un archivo JPEG manipulado, relacionado con el marcador Exif. USN-3706-1 fixed a vulnerability in libjpeg-turbo. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libjpeg-turbo incorrectly... • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 21EXPL: 0CVE-2013-6629 – libjpeg: information leak (read of uninitialized memory)
https://notcve.org/view.php?id=CVE-2013-6629
12 Nov 2013 — The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. La función get_sos de jdmarker.c en libjpeg 6b y libjpeg-turbo hasta la versión 1.3.... • http://advisories.mageia.org/MGASA-2013-0333.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-456: Missing Initialization of a Variable •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2012-2806 – Mandriva Linux Security Advisory 2013-274
https://notcve.org/view.php?id=CVE-2012-2806
13 Aug 2012 — Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image. Un desbordamiento de búfer basado en memoria dinámica ('heap') en la función get_sos en jdmarker.c en libjpeg-turbo v1.2.0 permite a atacantes remotos provocar una denegación de servicio (por caída de la aplicación) y posiblemente ejecutar código de su ele... • http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830 • CWE-787: Out-of-bounds Write •