CVE-2020-17541 – libjpeg-turbo: Stack-based buffer overflow in the "transform" component
https://notcve.org/view.php?id=CVE-2020-17541
All versions of libjpeg-turbo have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed JPEG file to the service and cause arbitrary code execution or denial of service of the target service.
A stack-based buffer overflow flaw was found in the libjpeg-turbo library in the transform component. An attacker may use this flaw to input a malicious image file to an application utilizing this library, leading to arbitrary code execution.
References:
• https://cwe.mitre.org/data/definitions/121.html
• https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
• https://access.redhat.com/security/cve/CVE-2020-17541
• https://bugzilla.redhat.com/show_bug.cgi?id=1968036
CWE:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-787: Out-of-bounds Write
CVE-2018-14498 – libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service
https://notcve.org/view.php?id=CVE-2018-14498
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
References:
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html
• https://access.redhat.com/errata/RHSA-2019:2052
• https://access.redhat.com/errata/RHSA-2019:3705
• https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
• https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
• https://github.com/mozilla/mozjpeg/issues/299
• https://lists.debian.org/debian-lts-announce/2019/03/msg00021
CWE:
• CWE-125: Out-of-bounds Read
CVE-2014-9092
https://notcve.org/view.php?id=CVE-2014-9092
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
References:
• http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147336.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150957.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150967.html
• http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f
• http://www.openwall.com/lists/oss-security/2014/11/26/8
• http://www.securityfocus.co
CWE:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-6629 – libjpeg: information leak (read of uninitialized memory)
https://notcve.org/view.php?id=CVE-2013-6629
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
References:
• http://advisories.mageia.org/MGASA-2013-0333.html
• http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
• http://bugs.ghostscript.com/show_bug.cgi?id=686980
• http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
• http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
• http://lists.fedoraproject.org
CWE:
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-456: Missing Initialization of a Variable
CVE-2012-2806
https://notcve.org/view.php?id=CVE-2012-2806
Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.
References:
• http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830
• http://osvdb.org/84040
• http://secunia.com/advisories/49883
• http://secunia.com/advisories/50753
• http://security.gentoo.org/glsa/glsa-201209-13.xml
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:121
• http://www.openwall.com/lists/oss-security/2012/07/17/3
• http://www.securityfocus.com/bid/54480
• https://bugzilla.mozilla.org/show_bug.cgi?id=759802
• https://bugzilla.redhat.com/s
CWE:
• CWE-787: Out-of-bounds Write