CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-46822 – libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c
https://notcve.org/view.php?id=CVE-2021-46822
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. El lector PPM en libjpeg-turbo versiones hasta 2.0.90, maneja inapropiadamente el uso de tjLoadImage para cargar un archivo PPM binario de 16 bits en un búfer de escala de grises y cargar un archivo PGM binario de 16 bits en un búfer RGB. Esto está relacionado con un desbordamiento del búfer en la región heap de la memoria en la función get_word_rgb_row en rdppm.c A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. • https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2 https://access.redhat.com/security/cve/CVE-2021-46822 https://bugzilla.redhat.com/show_bug.cgi?id=2100044 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-17541 – libjpeg-turbo: Stack-based buffer overflow in the "transform" component
https://notcve.org/view.php?id=CVE-2020-17541
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. Libjpeg-turbo todas las versiones presentan un desbordamiento de búfer en la región stack de la memoria en el componente "transform". Un atacante remoto puede enviar un archivo jpeg malformado al servicio y causar una ejecución de código arbitrario o una denegación del servicio objetivo A stack-based buffer overflow flaw was found in libjpeg-turbo library in the tranform component. An attacker may use this flaw to input a malicious image file to an application utilizing this library, leading to arbitrary code execution. • https://cwe.mitre.org/data/definitions/121.html https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392 https://access.redhat.com/security/cve/CVE-2020-17541 https://bugzilla.redhat.com/show_bug.cgi?id=1968036 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-13960
https://notcve.org/view.php?id=CVE-2019-13960
In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes ** EN DISPUTA ** En libjpeg-turbo versión 2.0.2, se puede usar una gran cantidad de memoria durante el procesamiento de una imagen JPEG progresiva no válida que contiene valores de ancho y altura incorrectos en el encabezado de la imagen. NOTA: la expectativa del proveedor, para los casos de uso en los cuales este uso de la memoria sería una denegación de servicio, es que la aplicación debe interpretar las advertencias de libjpeg como errores fatales (aborto de la descompresión) y/o establecer límites en el consumo de recursos o el tamaño de las imágenes • https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337 https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •